domingo, 12 de febrero de 2012

SharePoint SandBox Solution Execution process

Sandbox Solutions  ==  user solutions

It  is a new feature introduced in SharePoint 2010

Sandbox is a secured wrapper and it has restrictions on code to run in SharePoint environment

Sandbox solution assembly (dll) will be deployed to content database

farm solution assembly (dll) will be deployed(Assembly target type) to GAC (Assemblies run with full trust by default. They are globally installed, so they will work in any Web application)  or Web Application (bin – cas policies , tends to available in only one web app)

Physical location of GAC files  click  Start | Run and type in “c:\windows\assembly\

SandBox Sol can access  only data within site collection

  • Can be uploaded by site collection administration, so no need of farm administrator to install the solution and they can view the resource utilization of each solution and can block if it consumes too much resources. Usually when sites working slow, developers complain the server is slow whereas site/server administrators blame on Develepor code/solutions.
  • Technically speaking SharePoint solutions run in seperate worker processes and not in w3wp.exe. So It doesn’t require IIS Reset or Application Pool Recycling. Without disturbing the SharePoint site, Sandbox solutions can be deployed. Only thing while deploying new version of Sandbox solution over existing solution, SharePoint will display No Solution found error in Sandbox Webparts on the page. However within seconds sandbox solutions getting deployed and it’ll start working.

User Code processes

SPUCWorkerprocess.exe - Sandbox Worker process service which is a Seperate Service Application which actually executes Sandbox code. It should be started in every farm to use Sandbox solutions.

SPUCWorkerProcessProxy.exe – Sandbox Worker process proxy which is working as a proxy for Worker process and takes care of Sandbox code execution. It can also serve to other farms if configured. Basically it helps site administrator for load balancing.

SPUCHostService.exe – Sandbox User Code Service takes care of user code in Sandbox amd it can be started in the farms where to use Sandbox solutions.

Steps involved in Execution process:

1 –  Execution manager on SharePoint  server decides which process to use  w3wp.exe or SPUCWorkerProcess

2-  control is passed to the SPUCHostService.exe process

3-  UserCodeHostservice passes the code to sandbox worker process (SPUCWorkerProcess.exe)

Here untrusted code is validated against the limited available subset of object model

If it succeeds the operation is performed by the full, non sandbox object model

  • when u create a visual studio project, visual studio build process(compilation) is done using full object model,so if u used full object model namespace.. u can’t catch them during build process

Exceptions in sand boxed solutions :

Projects or item types  which are used for more than one site or adds files to file system

  • Site Definition projects
  • Visual webpart ( in this user controls are deployed to file system)
  • BCS Models
  • Application pages
  • workflow with  custom code
  • In code we cannot use SPFarm and SPServcie objects and cannot use spsite for accessing other site info by passing URL  in constructor
  • No Security Elevation – RunWithElevatedPrivileges which runs the specified block of code in application pool account(typically System Account) context is not allowed in Sandbox code. SPSecurity class also not allowed to use in Sandbox.
  • No Email Support – SPUtility.SendMail method has been blocked explicitly in Sandbox, However .Net mail classes can be used to send mails. Additionaly sandbox won’t allow to read Farm SMTP address. So developers has to specify the SMTP address in code itself(may be some other workaround).
  • No Support to WebPartPages Namespace – Sandbox won’t allow to use Microsoft.SharePoint.WebPartPages namespace.
  • No Support to external Webservice – Internet web service calls are not allowed to ensure security in Sandbox solutions. Allow Partially Trusted code also can’t be accessed within Sandbox.
  • No GAC Deployment – Sandbox solutions are not stored in File System(Physical path) and assemblies can’t be deployed to Global Assembly Cache(GAC). But it’s available on C:\ProgramData\Microsoft\SharePoint\UCCache at runtime. Note the ProgramData is a hidden folder.
  • No Visual Webparts – Visual Studio 2010 by default won’t allow to create Visual Webparts to deploy as sandbox solution. But with Visual Studio PowerTools extensions(downloadable from Microsoft MSDN website) Visual Webparts can be developed and deployed as sandbox Solutions.

Benefits of sandboxed solutions

  • Can be uploaded ,deployed by Site collection admin and can be managed easily

Management of  user solutions

  • By navigating to solution gallery – activate ,deactivate, upload, delete, can verify the resource usage



No hay comentarios:

Publicar un comentario