Sandboxed Solutions in SharePoint 2010
The topics in this section describe sandboxed solutions in Microsoft SharePoint Foundation.
Applies to: SharePoint Foundation 2010
A sandboxed solution, in contrast to a farm solution, enables site collection administrators to install custom solutions in SharePoint Foundation without the involvement of a higher-level administrator.
The Sandbox Solution framework provides a mechanism for executing user-provided code outside of the IIS worker process. The Sandbox Solution framework should not be used as a mechanism for enforcing security boundaries when executing user code. Sandbox Solutions are not supported as a security boundary with user code, especially code of unknown origin. We advise against executing Sandbox Solutions of unknown origins.
The following are important aspects of the sandboxed solution system.
Like a farm solution, a sandboxed solution is packaged for installation in a solution package (.wsp) file.
Each site collection has a solution gallery that is used to store all sandboxed solutions.
The sandboxed solutions run in an environment that has access to a subset of the SharePoint Foundation server object model and a subset of the Microsoft .NET Framework 3.5 assemblies. Code in a sandboxed solution must also run under a significantly restricted Code Access Security (CAS) policy.
The server farm administrator can set resource usage limits to protect the server from malicious or inefficient code. Facilities are provided to help server farm administrators monitor solutions that are uploaded to these galleries. Performance can be monitored by using multiple types of measures, including CPU execution time, memory consumption, and database query time.
Farm administrators can impose additional restrictions by using custom solution validators that validate each new sandboxed solution when it is activated on a site collection.
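As an added illustration of such a validator (example code written for this page, not SharePoint's own sample): a class deriving from SPSolutionValidator that marks a solution invalid whenever one of its assemblies is not strong-name signed with an allowlisted public key token. The class name, the GUID, the allowlist value and the use of Assembly.ReflectionOnlyLoad on the bytes returned by SPSolutionFile.OpenBinary are assumptions made for the example.

```csharp
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using Microsoft.SharePoint.Administration;
using Microsoft.SharePoint.UserCode;

// Hypothetical validator: every assembly in a sandboxed solution must carry a
// strong-name public key token from the allowlist, otherwise activation fails.
[Guid("0f3a6c2e-1b4d-4e8a-9c7f-5d2b8e1a4c60")] // constructed GUID; generate your own
public class TrustedPublisherValidator : SPSolutionValidator
{
    private const string ValidatorName = "Trusted Publisher Validator";
    // Constructed sample token; replace with your organisation's signing key token.
    private static readonly string[] AllowedPublicKeyTokens = { "0123456789abcdef" };

    public TrustedPublisherValidator() { }

    public TrustedPublisherValidator(SPUserCodeService userCodeService)
        : base(ValidatorName, userCodeService)
    {
        // Change the signature whenever the rules change so that solutions
        // validated under the old rules are validated again.
        this.Signature = 1;
    }

    public override void ValidateAssembly(SPSolutionValidationProperties properties,
                                          SPSolutionFile assembly)
    {
        base.ValidateAssembly(properties, assembly);
        string token;
        try
        {
            // Reflection-only loading reads metadata without running any code.
            AssemblyName name = Assembly.ReflectionOnlyLoad(assembly.OpenBinary()).GetName();
            byte[] raw = name.GetPublicKeyToken() ?? new byte[0];
            token = BitConverter.ToString(raw).Replace("-", "").ToLowerInvariant();
        }
        catch (BadImageFormatException)
        {
            Reject(properties, assembly.Location + " is not a valid .NET assembly.");
            return;
        }
        if (Array.IndexOf(AllowedPublicKeyTokens, token) < 0)
            Reject(properties, assembly.Location + " is not signed with an approved key.");
    }

    private static void Reject(SPSolutionValidationProperties properties, string reason)
    {
        properties.Valid = false;
        properties.ValidationErrorMessage = "Solution rejected: " + reason;
    }

    // Registration, typically from a farm-scoped feature receiver (assumed usage):
    // SPUserCodeService.Local.SolutionValidators.Add(
    //     new TrustedPublisherValidator(SPUserCodeService.Local));
}
```

A matching public key token only proves who holds the signing key, not that the code is safe, so this check complements rather than replaces resource limits and review of the solution itself; assemblies loaded into the reflection-only context also stay loaded in the validating process until it recycles.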
There are techniques that enable a sandboxed solution to escape some restrictions. The two most important techniques are as follows:
A farm administrator can install, as a farm solution, a full trust proxy that provides, to sandboxed solutions, some operations that sandboxed solutions cannot perform directly.
Techniques for localizing sandboxed solutions are different from the most commonly used techniques for localizing farm solutions.
When a farm administrator believes that a sandboxed solution has proved itself safe and responsible in its resource usage, the solution can be redeployed as a farm solution without modification or developer involvement.
The term user is sometimes used in place of sandboxed, especially in the object model for the sandboxed solutions system. For example, the namespace with the primary APIs for the system is Microsoft.SharePoint.UserCode, and the service that governs sandboxed solution execution is called SharePoint 2010 User Code Host in the Windows Services dialog box on front-end web servers. (In the Central Administration application, it is called Microsoft SharePoint Foundation Sandboxed Code Service.) This reflects an earlier name for what are now called sandboxed solutions.