Category Archives: Sandboxed Solution

Sandboxed Solution

Restrictions in SharePoint 2010 Sandboxed Solutions – Part 2

Posted on by

The code inside SharePoint 2010 Sandboxed Solutions is limited by code access security policy restrictions. The code access security policy for the sandboxed solution worker process is defined in the %ProgramFiles%Common FilesMicrosoft Sharedweb server extensions14CONFIGwss_usercode.config file and it is referenced in %ProgramFiles%Common FilesMicrosoft Sharedweb server extensions14UserCode.

The following permission levels are denied by code access security policy.

No

Denied Permissions

Impact

1

DirectoryServicesPermission

2

DnsPermission

3

EnvironmentPermission

4

EventLogPermission

5

FileIoPermission

Cannot read/write to file system

6

IsolatedStorageFilePermission

7

PrintingPermission

8

ReflectionPermission

9

RegistryPermission

10

SecurityPermission

Cannot access unmanged code, Threads, App Domains etc.

11

SMTPPermission

Cannot access .NET Reflection APIS and non-public class & members in managed code

12

SqlClientPermission

13

SocketPermission

14

UIPermission

15

WebPermission

 

The following permission levels are granted by code access security policy.

No

Granted Permissions

Impact

1

SharePointPermission.ObjectModel

2

ASPnetHostingPermission=Minimal

Can execute resources, but not read/write access to resources

3

SecurityPermission.Execution

 

This completes the final part (Part 2) of the article ‘Restrictions in SharePoint 2010 Sandboxed Solutions’.

 Subscribe to my blog

Full Trust Proxies in SharePoint 2010 Sandboxed Solution – Faqs

Posted on by
  1. What is full trust proxy in the context of SharePoint 2010 Sandboxed Solution?

    A full trust proxy is a mechanism that allows Sandboxed Solution to make a call to trusted assembly outside the Sandbox environment. The trusted assembly can be designed to make external calls (to database or web services), which Sandbox solutions cannot reach. This needed, because not all the SharePoint 2010 solutions might want to live as Sandboxed (with restrictions). In most of the cases, the assemblies inside SharePoint solutions might want to make external calls (to a database or to a web service).

     

  2. How to create a full trust proxy operation in Sandboxed Solution?

    Here are the steps required to create full trust proxy operation using Visual Studio:-    

    1. Create a farm solution , create a c# class that is derived from SPProxyOperation and override Execute method
    2. Create another c# class (in the same solution), that is derived from SPProxyOperationArgs. Pass an instance of this class to the Execute method of SPProxyOperation class.
    3. Create a Feature Receiver to register operation with SharePoint Foundation User Code Service
    4. In the Sandboxed Solution project, create a class that calls the proxy operation
    5. Deploy the Sandboxed solution

       

  3. In which process does the full trust proxy runs?

    The full trust proxy does not run in w3wp.exe, rather it runs in SPUCWorkerProcessProxy.exe.

     

  4. How to programmatically activate the full trust proxy with user code service?

    The following is the code snippet for activating full trust proxy.

     

         SPProxyOperationType proxyOperationType = new SPProxyOperationType(type.Assembly.FullName, type.FullName);

    SPUserCodeService userCodeService = SPUserCodeService.Local;

    userCodeService.ProxyOperationTypes.Add(proxyOperationType);

    userCodeService.Update();

     

  5. How to programmatically de-activate the full trust proxy with user code service?

    The following is the code snippet for de-activating full trust proxy.

 

     SPProxyOperationType proxyOperationType = new SPProxyOperationType(type.Assembly.FullName, type.FullName); 






     SPUserCodeService userCodeService = SPUserCodeService.Local; 







     userCodeService.ProxyOperationTypes.Remove(proxyOperationType); 







     userCodeService.Update(); 






 Subscribe to my blog

			

	
	



				
					


	

		

			Restrictions in SharePoint 2010 Sandboxed Solution – Part1
		


				

			Posted on  by 		

			


		

		
We all know that SharePoint 2010 Sandbox Solution is restricted and it has access to only the subset of functionalities available in Microsoft.SharePoint namespace. In this article, we’ll see restrictions imposed by Sandboxed solutions. Basically, the calls made by Sandboxed solution are routed through subset proxy, which in turn makes the calls to the full object model. In this case, the subset proxy brings in the restriction by exposing limited set of functionalities. Here is the list of API exposed by subset proxy. 















No




Namespace




Restriction








1




Microsoft.SharePoint




All of the Microsoft.SharePoint namespace except the following 


 


a)SP Site Constructor 


b)SP Security Object 


c)SPWorkItem and SPWorkItemCollection objects 


d)SPAlertCollection.Add method 


e)SPTransformUtilities Object 


f)SPUserSolution and SPUserSolutionCollection objects 


 








2




Microsoft.SharePoint.Utilities




All of the Microsoft.SharePoint.Utility namespace except the following :- 


 


a)SPUtility.SendEmail method 


b)SPUtility.GetNtFullNameandEmailFromLogon








3




Microsoft.SharePoint.WebPartsPage




All of Microsoft.SharePoint.WebPartsPage 


Except the following 


 


a)SPWebPartManager object 


b)SPWebPartConnection object 


c)WebPartZone Object 


d)WebPartPage Object 


e)ToolPart object 


f)ToolPane Object










 


If we examine the restrictions carefully, we can infer that the capabilities of the core foundational object model is available in the Sandboxed Solutions. However the advanced capabilities like Search, BCS, Access Services and Excel Services are restricted. 


Next, we’ll see what are all the SharePoint 2010 Project types supported by Sandboxed Solutions. 















No




SharePoint projects supported by sandboxed solution




SharePoint projects not supported by sandboxed solution








1




Content Types / fields












2




Modules / files




Application pages








3




List definitions




Web application scoped features








4




List instances




Custom action group








5




Site definitions




HideCustomAction element








6




Web Template Features 




Content type binding








7




Web parts (non-visual)


 






8




Feature Callouts


 






9




Declarative workflows


 






10




Custom actions


 






11




SPWebEventReceiver


 






12




SPListEventReceiver


 






13




SPItemEventReceiver


 








 


Here are few more restrictions. The code inside Sandboxed solution cannot perform the following operations:- 


a) Cannot read/write to the file system 


b) Cannot call the network 


c) Cannot write to the Registry 


d) Cannot call assemblies deployed out of Global Assembly Cache 


The next part of the article would cover the CAS policy restrictions on Sandboxed solution 


 Note:-


At this point of time, the Visual Web Parts can be created as Sandboxed Solutions with the help of Visual Studio Power Tools for SharePoint.


   


 Subscribe to my blog