Where are Assemblies in Sandboxed Solutions Deployed?
Published: February 2011
This topic describes where and how assemblies in sandboxed solutions are deployed.
The fact that sandboxed solutions cannot deploy files to a file system of servers raises the question of where the assemblies in sandboxed solutions are deployed and persisted.
The contents of the .package file in a sandboxed solution that is open in Microsoft Visual Studio says that the global assembly cache is the deployment target of assemblies in sandboxed solutions. As this topic makes clear, this is not the case.
The assemblies in a sandboxed solution are included in the solution package (.wsp file), and the package is deployed to the site collection's Solutions Gallery. When a sandboxed solution is accessed for the first time, such as when a user navigates to a page that contains a Web Part from a sandboxed solution, any assemblies in the solution are extracted from the package in the gallery and copied to the file system of the server that is handling the sandboxed request. The location is C:\ProgramData\Microsoft\SharePoint\UCCache. The executable of this service is SPUCHostService.exe. The server that handles the sandboxed request is not necessarily the front-end web server that is handling the initial HTTP request: The Microsoft SharePoint Foundation Sandboxed Code Service can be run on back-end application servers in the farm instead. Because the sandboxed user process (SPUCWorkerProcess.exe) cannot copy anything to the file system, the copying is done by the Microsoft SharePoint Foundation Sandboxed Code Service.
The assemblies of a sandboxed solution do not stay in the file cache perpetually. When the user session that accessed the solution ends, the assemblies stay in the cache for only a short time, and they may be reloaded from there if another user session accesses them. Eventually, if they are not accessed, they are removed in accordance with a proprietary algorithm that takes into account how busy the server is and how much time has gone by since the assemblies were last accessed. If the sandboxed solution is used after that time, the assemblies are extracted again and copied to the UCCache.
Administrators, developers, and third-party code should not add, remove, or load anything from the UCCache. It should only be accessed by the SharePoint infrastructure.