Sandboxed Solutions in SharePoint 2010
Updated: February 2011
The topics in this section describe sandboxed solutions in Microsoft SharePoint Foundation.
A sandboxed solution, in contrast to a farm solution, enables site collection administrators to install custom solutions in SharePoint Foundation without the involvement of a higher-level administrator.
The following are important aspects of the sandboxed solution system.
Like a farm solution, a sandboxed solution is packaged for installation in a solution package (.wsp) file.
Each site collection has a solution gallery that is used to store all sandboxed solutions.
The sandboxed solutions run in an environment that has access to a subset of the SharePoint Foundation server object model and a subset of the Microsoft .NET Framework 3.5 assemblies. Code in a sandboxed solution must also run under a significantly restricted Code Access Security (CAS) policy.
The server farm administrator can set resource usage limits to protect the server from malicious or inefficient code. Facilities are provided to help server farm administrators monitor solutions that are uploaded to these galleries. Performance can be monitored by using multiple types of measures, including CPU execution time, memory consumption, and database query time.
Farm administrators can impose additional restrictions by using custom solution validators that validate each new sandboxed solution when it is activated on a site collection.
There are techniques that enable a sandboxed solution to escape some restrictions. The two most important techniques are as follows:
A farm administrator can install, as a farm solution, a full trust proxy that provides, to sandboxed solutions, some operations that sandboxed solutions cannot perform directly.
Techniques for localizing sandboxed solutions are different from the most commonly used techniques for localizing farm solutions.
When a farm administrator believes that a sandboxed solution has proved itself safe and responsible in resource usage, it can be redeployed as a farm solution without modification or developer involvement.
The term user is sometimes used in place of sandboxed, especially in the object model for the sandboxed solutions system. For example, the namespace with the primary APIs for the system is Microsoft.SharePoint.UserCode, and the service that governs sandboxed solution execution is called SharePoint 2010 User Code Host in the Windows Services dialog box on front-end web servers. (In the Central Administration application, it is called Microsoft SharePoint Foundation Sandboxed Code Service.) This reflects an earlier name for what are now called sandboxed solutions.