Sandboxed Solutions in Partnership with Full-Trust Proxies in SharePoint 2010

SharePoint 2010

This topic explains proxies that can be called by a sandboxed solution to execute an action that is ordinarily not available to sandboxed solutions.

Last modified: August 11, 2016

Applies to: SharePoint Foundation 2010

Microsoft SharePoint Foundation provides several ways that sandboxed solutions can escape the usual restrictions on what they can do and what they can access. One of these techniques is to create a special kind of operation that runs in a full trust process, but that can be called from a sandboxed solution.

Caution note Caution

The Sandbox Solution framework provides a mechanism for executing user-provided code outside of the IIS worker process. The Sandbox Solution framework should not be used as a mechanism for enforcing security boundaries when executing user code. Sandbox Solutions are not supported as a security boundary with user code, especially code of unknown origin. We advise against executing Sandbox Solutions of unknown origins.

The operation is deployed as a farm solution by a farm administrator who trusts it and is prepared to let sandboxed solutions call it. These operations are called full-trust proxy operations.

Note Note

Because the assembly with the full-trust proxy operation must be deployed by a farm administrator as a farm solution, this technique cannot be used when farm deployment is not an option, such as when your solution is to be deployed to Microsoft SharePoint Online. In such scenarios, you can use other techniques to escape the sandbox restrictions, such as using client object model code to access resources that are not otherwise available to sandboxed solutions.

The proxy operation technique requires that a farm solution be developed that includes one or more classes that derive from SPProxyOperation. Each of these defines an operation that runs in full trust, and that you can call from sandboxed solutions by using the ExecuteRegisteredProxyOperation method. For detailed information about creating and deploying a full-trust proxy operation and calling it from a sandboxed solution, see How to: Create a Full-Trust Proxy Operation.

Although the assembly with the full-trust proxy operation runs in full trust, it does not run in the main w3wp.exe process that is handling the HTTP request. Instead, it runs in the SPUCWorkerProcessProxy.exe process that is described in Escaping the Sandbox Restrictions. The proxy operations can return data to the sandboxed solution.

Figure 1 shows how a request that accesses a sandboxed solution is processed when the sandboxed solution makes a call to a full-trust proxy operation.

Figure 1. Request processing model when a sandboxed solution calls a full-trust proxy operation

Sandbox and full-trust proxy process model

Although you can develop a full-trust proxy operation and a sandboxed solution as a pair of projects designed to work with one another, this would not be the typical scenario. If the farm administrator trusts your code enough to deploy the proxy as a farm solution, you might equally well make the whole project a farm solution. More frequently, a full-trust proxy operation is developed to provide a service to multiple sandboxed solutions.