What is Sandbox solutions and its limitations
Sandbox solution is a new feature introduced in SharePoint 2010. It's a secured wrapper around webparts and other elements with limitations. There is no thumb rule that every webpart in SharePoint 2010 belongs to Sandbox Solution. But it's recommended to develop webparts with Sandbox solution. It allows administrators to monitor the solutions and control as required. SharePoint Site Collection administrators can view the resource utilization of each solution and can block if it consumes too much resources. Usually when sites working slow, developers complain the server is slow whereas site/server administrators blame on Develepor code/solutions. Now Microsoft put a Full Stop to that. :)
Technically speaking SharePoint solutions run in seperate worker processes and not in w3wp.exe. So It doesn't require IIS Reset or Application Pool Recycling. Without disturbing the SharePoint site, Sandbox solutions can be deployed. Only thing while deploying new version of Sandbox solution over existing solution, SharePoint will display No Solution found error in Sandbox Webparts on the page. However within seconds sandbox solutions getting deployed and it'll start working. In SharePoint 2007, only farm administrators can install/deploy developer solutions. But Now site collection administrators can deploy solutions with web based interface. This reduces the dependency of Farm Administrator and improves rapid deployment.
Here the processes which required for Sandbox solutions.
- SPUCWorkerprocess.exe - Sandbox Worker process service
which is a Seperate Service Application which actually executes Sandbox
code. It should be started in every farm to use Sandbox solutions.
- SPUCWorkerProcessProxy.exe - Sandbox Worker process
proxy which is working as a proxy for Worker process and takes care of
Sandbox code execution. It can also serve to other farms if configured.
Basically it helps site administrator for load balancing.
- SPUCHostService.exe - Sandbox User Code Service takes care of user code in Sandbox amd it can be started in the farms where to use Sandbox solutions.
As I said before, Sandbox is a secured wrapper and it has restrictions on code to run in SharePoint environment. Few Key limitations which developers should know are listed below.
- No Security Elevation - RunWithElevatedPrivileges which
runs the specified block of code in application pool account(typically
System Account) context is not allowed in Sandbox code. SPSecurity class
also not allowed to use in Sandbox.
- No Email Support - SPUtility.SendMail method has been
blocked explicitly in Sandbox, However .Net mail classes can be used to
send mails. Additionaly sandbox won't allow to read Farm SMTP address.
So developers has to specify the SMTP address in code itself(may be some
- No Support to WebPartPages Namespace - Sandbox won't allow to use Microsoft.SharePoint.WebPartPages namespace.
- No Support to external Webservice - Internet web
service calls are not allowed to ensure security in Sandbox solutions.
Allow Partially Trusted code also can't be accessed within Sandbox.
- No GAC Deployment - Sandbox solutions are not stored
in File System(Physical path) and assemblies can't be deployed to Global
Assembly Cache(GAC). But it's available on
C:\ProgramData\Microsoft\SharePoint\UCCache at runtime. Note the
ProgramData is a hidden folder.
- No Visual Webparts - Visual Studio 2010 by default won't allow to create Visual Webparts to deploy as sandbox solution. But with Visual Studio PowerTools extensions(downloadable from Microsoft MSDN website) Visual Webparts can be developed and deployed as sandbox Solutions.