SandBoxed Solution
Shakir Majeed Khanhttp://sharepointtechies.wordpress.com/
MySelf
User Group Leader of SharePoint Techies, Working independently on SharePoint technologies. Trainer for Microsoft Office SharePoint Server 2007 and Window SharePoint Services 3.0 at AUC Technologies.
http://junooni.wordpress.com/ [email protected] www.facebook.com/shakir.majeed
Outline
Application Hosting and CustomizationIntroducing Sandboxed SolutionsExecuting Code in the SandboxSandbox Resource Monitoring
Application Hosting and Customization
SharePoint 3.0’s Challenge
Developers build custom solutionsAdministrators can only secure solutions with CASHard to control what is being done in custom code
Biggest cause of SharePoint support cases: custom code
Design, build, and test customizations
Developer
Install and monitor customizations
Administrator
Activate and use customizations
Site Collection Owner
SharePoint 2010 Approach
Developers build custom solutionsSite collection owners deploy, activate and implement the customizationsAdministrators leverage resource monitors to check site collection usage
Automatic triggers “turn off” custom solutions in a site collection that are too expensive and taxing on the server
Design, build, and test customizations
Developer
Monitor customizations
Administrator
Deploy, activate and use customizations
Site Collection Owner
Introducing Sandboxed Solutions
Sandboxed Solutions
Allow a subset of ‘full’ solution features
Code executes in sandbox
Are deployed by a Site Collection administrator
Stored in the Solution Gallery
Introducing Sandboxed Solutions
Sandboxed solution: site collection owners can upload to SharePoint
Empowers site collection owners to deploy new functionality w/o involvement of IT
Local/remote development options
Self-regulating and monitored by ITLimited set of permissions & functionalityResource quotas established & monitored by IT
Secure: site collection owner is in control
Sandboxed Solutions Help Enterprises
Sandboxed solutions are important because
Solve SharePoint hosting issues in corporate environmentsHosted environments much easier to manage
Reduces time to deploying custom solutions
Removing process of getting code approved and deployed by IT
Improves stability of SharePoint serversNow badly performing code isolated to site collection rather than potentially bringing down an entire server
Overview of the Sandbox
Allows a subset of the full capabilities in the SharePoint APISecure – enforcing the sandbox
Execute in a partially trusted environmentCode executes in a special service processSubject to CASValidation framework
Provides way to do custom farm wide validation for the deployed packages
Each solution is isolated to its site collection
Sandboxed Solution LifecycleInstallation• Upload into Solution Gallery• Solution is validated upon installation
Activation• Auto-activates features
Deactivation• Inert operation, extended by developer • Web Parts no longer execute
Deletion
Sandboxed Solution Elements
Web PartsListsList TemplatesCustom ActionsWorkflowsEvent ReceiversContent TypesSite Columns…
Installing & Running Sandboxed Solution
Executing Code in the Sandbox
Sandboxed Solutions Process
Root SPWeb of SPSite
Solution galleryWebParts.wsp
Web Part gallery
Per-WFE AssemblyCache
<siteguid>\company.intranet.webpart.wsp\company.intranet.dll
Sandboxed Code Serice
1
2 5
6
7
4
3
The Subset Object Model
In generalSPSite and below
No SPSecurityNo SPSite construction
SPSite
SPWeb
SPList
SPListItem
Sandbox
Sandbox and Code Access Security
AspNetHostingPermission, Level=MinimalSharePointPermission, ObjectModel=trueSecurityPermission, Flags=Execution
Full Trust
wss_usercode.config
User Code
Framework Code
My.dll
Other.dll System DLL
SharePoint DLL
SharePoint OM
API Block List
Compiling vs. Executing Sandboxed Solutions
Visual Studio 2010uses IntelliSense tohide full-trust typesAll code is compiled against the full APIThus, no “sandbox” check at compile time… only at runtimeWorkaround: change the Microsoft.SharePoint.dll project reference to reference the sandbox’s version
[..]\14\UserCode\Assemblies\Microsoft.SharePoint.dll
NOTE: Switch it back before deployment!Use this as a temporary test - do not deploy code that references the sandbox’s assembly
Full Object Model Subset Object Model
MyWebPart.dll
Proxy
Runtime
Creating a Sandboxed Solution with VS 2010
Demo
Thank You
Facebook: http://www.facebook.com/shakir.majeedBlog: http://junooni.wordpress.com/Email: [email protected]
Top Related