Developing Sandbox Solutions


Published on

My Session in SPS Arabia - March 2010
Provides an overview about SharPoint 2010 Sandbox Solutions.

Published in: Technology
1 Comment
  • SharePoint Sandbox Solutions Presentation
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • This chronicles the process of using a custom "bugs" Web Part and solution in a particular site.The SPSite adminuploads a new solution package (*.wsp) into the Solution Gallery of the SPSite. The SPSite admin"activates" the solution.  This activates the features within the solution.  Web Part files are copied into the Web Part gallery.As part of the activation, solution is validated using the validation framework. Custom validator can be added for example to check that only solutions signed with certain key can be activated. Customers and partners can develop their own validators based on their needs.Some time later, a user decides to add a Web Part to their home page.  They go into Web Part edit mode, and click "Add a Web Part".  They notice the additional Web Part options, and click Add. SharePoint now checks to see if the bugs.dll file, which backs this Web Part, is installed into the assembly cache.  It is not. The assembly is faulted into the assembly cache; it is extracted and copied from the solution file to temporary folder in disk and loaded to memory (disk is cleaned immediately). Now the Web Part is about to be used. It is loaded into Sandbox Code service host.Processes deliver the Web Part to be executed to the service.
  • An incoming request comes in for a page with a Web Part from a partial trust assembly.   This is delegated to a Web Part proxy.  The Web Part proxy then in turn calls the worker process manager, and tells it to execute the Web Part. The worker process manager queries the configuration database to figure out which machine and process it should send the request to. The worker process then sends the request to the user code manager on that machine. The user code manager needs to ensure that the assembly backing the Web Part is locally deployed.  To do this, it reaches back into the Web Part solution package, extracts the assembly, and places it into the assembly cache. Now, the SPUserCodeManager (SPUserCodeHostService.exe) delegates the request to execute the code to SPUserCodeWorkerProcess.exe. The full trust Web Part wrapper works with the instantiated process to simulate the Web Part lifecycle.  The Web Part itself calls into the SharePoint OM to retrieve some set of data. The resulting HTML and viewstate changes are bubbled back to the hosting process, which has been synchronously waiting for this infrastructure to complete. The resulting page is sent back to the user.Rendered results sent back to the requester.
  • Developing Sandbox Solutions

    1. 1. Developing Sandbox Solutions<br />Mohamed Yehia<br />March 2010<br />
    2. 2. Ana Meen?<br />Technical Architect<br /><br />@mohdyehia<br /><br />
    3. 3. Outline<br />Challenges<br />What are Sandbox Solutions?<br />How do they work?<br />What can I do them Sandbox Solutions?<br />How can they be managed?<br />Best Practices<br />Points to Consider<br />References<br />Q&A<br />
    4. 4. Challenges<br />Dev, Admin Fight!<br />Change production farm to Full <br />Memory Leaks<br />Update web.config files<br />Bad code that eats up farm resources<br />Deploy everything to the GAC<br />Admins have some control using CAS<br />Difficult to implement<br />Difficult to get right<br />Largest cause of SharePoint Support cases<br />
    5. 5. Sandbox Solutions<br />Executes in a sandbox – a separate process<br />Controlled by CAS<br />Subset of Microsoft.SharePoint namespace<br />Deployed by Site Owners from Solution gallery<br />Can be monitored by Farm Administrators<br />
    6. 6. Why?<br />More secure<br />Rapid deployment<br />Skip application pool recycle<br />Extensible Solution validation framework<br />Can be monitored <br />Allow more manageable Hosting scenarios<br />Do not touch file system<br />Delegates deployment to Site Owners<br />
    7. 7. demo<br />Developing a Sandbox Solution<br />Sandbox vs. Farm Solutions<br />
    8. 8. Sandboxed Solutions Execution<br />2<br />1<br />5<br />6<br />7<br />4<br />3<br />Per-WFE AssemblyCache<br />RootSPWeb of SPSite<br /><siteguid>company.intranet.webpart.wspcompany.intranet.dll<br />Solution gallery<br />Web Part gallery<br />Sandboxed Code Serice<br />WebParts.wsp<br />
    9. 9. Sandbox Solution Processes<br />Under SharePoint RootUser Code<br />SPUserCodeHostService<br />Manages Sandbox solutions<br />SPUserCodeWorkerProcess<br />Sandbox<br />Executes partially trusted code<br />SPUCWorkerProcessProxy<br />Proxy service used by web application<br />
    10. 10. Sandbox Solution Restrictions<br />No SPSecurity<br />No SPSite constructor<br />Site Collectionis the limit<br />
    11. 11. Supported In Sandbox Solutions<br />List definitions<br />List instances<br />Onet.xml<br />WebTemplate Feature element instead of Webtemp.xml<br />Content Types/Fields<br />Navigation<br />Module/files<br />Feature callouts<br />Web Parts derived from WebPart<br />Event receivers <br />SPItemEventReceiver<br />SPListEventReceiver<br />SPWebEventReceiver<br />Custom Actions<br />Workflows<br />
    12. 12. Not Supported In Sandbox Solutions<br />SharePoint<br />Custom Action groups<br />HideCustomAction element<br />Content Type Binding<br />Web Application-scoped Features<br />Farm-scoped Features<br />CustomPropertyToolPart Class<br />Programmatic workflow<br />Event receivers<br />SPLimitedWebPartManager<br />Timer jobs<br />visual WebParts<br />SharePoint mapped folders (e.g. "_layouts", and "images")<br />.Net<br />ADO.NET<br />System.IO<br />System.Security.Cryptography<br />System.Web.UI.ClientScriptManager<br />
    13. 13. demo<br />What’s not allowed?<br />
    14. 14. Managing Sandbox Solution<br />Activate User Code Service<br />Load Balancing<br />Local<br />Run on WFE<br />Remote<br />Dedicated servers<br />Specify Quotas<br />
    15. 15. Sandbox Solution Monitoring<br />Part of Site Collection Quota<br />Across all sandbox solutions in the site collection<br />Each measure defines:<br />Resource Per point <br />Absolute Limit<br />Reset daily<br />
    16. 16. Sandbox Solution Monitoring<br />14 Metrics<br />AbnormalProcessTerminationCount<br />CPUExecutionTime<br />CriticalExceptionCount<br />InvocationCount<br />PercentProcessorTime<br />ProcessCPUCycles<br />ProcessHandleCount<br />ProcessIOBytes<br />ProcessThreadCount<br />ProcessVirtualBytes<br />SharePointDatabaseQueryCount<br />SharePointDatabaseQueryTime<br />UnhandledExceptionCount<br />UnresponsiveprocessCount<br />
    17. 17. demo<br />Managing and Monitoring Sandbox Solutions<br />
    18. 18. Validating Sandbox Solutions<br />Deployed as Farm Solutions<br />Runs when solution is activated or changed<br />All validators run an all solutions<br />Inherit from SPSolutionValidator class<br />Override<br />ValidateSolution<br />ValidateAssembly<br />
    19. 19. demo<br />Validating Sandbox Solutions<br />
    20. 20. Full Trust Proxies<br />Designed to overcome Sandbox API restricution<br />Deployed as Farm Solution<br />Inherit from <br />Microsoft.SharePoint.Usercode.SPProxyOperation<br />Microsoft.SharePoint.Usercode.SPProxyOperationArgs<br />Consume the proxy using<br />SPUtility.ExecuteRegisteredProxyOperation<br />
    21. 21. Wrap Up<br />Consider Sandbox Solutions first<br />Safe<br />Monitored<br />Allow more manageable hosting scenarios <br /> Be creative with your solution design<br />Site Collection and below<br />
    22. 22. Considerations<br />Use Silverlight + WCF instead of Full Trust Proxy<br />Need to upgrade all copies of the solution across all site collections<br />Quotas are for all sandbox solutions in the site collection<br />Wait and see<br />Further Improvement<br />Quota for each solution<br />Define validators on the site collection<br />
    23. 23. References<br />Sahil Malik ( / @sahilmalik)<br />Dave Milner (<br />SiriniSistla (@ sirinisistla)<br />SharePoint 2010 Sandboxed Solution<br />Paul Stubbs <br />Developing, Deploying, and Monitoring Sandboxed Solutions in SharePoint 2010 – MSDN Magazine<br /><br />
    24. 24. Thanks<br />Stay tuned for <br /><ul><li>Next Gathering
    25. 25. SharePoint 2010 Community Launch on May 12th</li></ul><br />@mohdyehia<br /><br />