Wrox Real World Sharepoint 2010 – Chapter 8

[Chapter 8: Building Sandbox Solutions]

CAS (Code Access Security)  – a set of policies that control which functions can be performed by code based on a set of criteria. e.G., EXECUTION OF CODE THAT IS HOSTED ON A NETWORK SHARE IS DISABLED BY DEFAULT. CAS policies are in XML. CAS doesn’t appy to the code in GAC!!!
 BIN/CAS is the approach used in 2007, but is still not perfect.  
Sharepoint 2010 – SandBox Solution. With sandbox solution, each site collection administrator can deploy the solution into a special solution gallery.  Only farm administrator will have the capability to add the new solution to the farm.

Sandbox solution is run in this IIS process: SPUHostservice.exe. Sandbox solution can access anything inside the site collection, and nothing esle. Any given time, there’s only one thing in this unique application doamin that will be running, SP will terminate the sandbox code if it executes for too long. Default: 60 seconds. All sandbox resources are tracked.

Once the site collection reaches it quota, the solutions in the site collections are shut down for the day. You can host the sandbox user code in WFE, or another sets of servers.

** Query throtting — at web application level. Default: 5000 because if > 5000 rows  SQL will apply table lock (no updates alowed) until query compelted. Solutions:
(1) Administrator has a different row quota.
(2) Turn off query throttling for a list via the property.
(3) HAPPY hour – query throttling is turned of for a few hours (such as 1-6AM).

(1) Solution Garllery in a site collection, and the Sharepoint solutions (WSP) in it. THis is sandbox deployment.
(2) SPUHostservice.exe. This is where the code is executed.

What you can and cannot do:
Three basic permissions are granted to Sandbox:
(1) SecurityPermission.Execution,
(2) AspnetHostingPermission.Level=Minimal,
(3) SharepointPermission.ObjectModel

No access to Microsoft.Sharepoint.Administratiorn

Not allowed: SPSite Constructor, SPSecurity, SPWorkitem and SPWorkitemCollection, SPUserSoluton, SPUtility.SendEmail, Microsoft.Sharepoint.Navigation, SPUtility, SPWebPartmanager, SPWebpartConnection, WebPartZone, WebPartPage, ToolPane, ToolPart, SPGridView. etc. No access to write to ULS log. Very restricted!!!! No TCP cnnection, no web service call, no reading RSS, no database connection or any backend system. No external list.

To see the resources used by the sandbox solution –> Site Actions –> Site settings –> Gallery –> Solution

use proxy to break the limitation — overriding two classes: (1) argument class and operations class, and registering your proxy to Sharepoint.

ADO.Net Data service –> REST can return ATOM XML and Javascript Object Notation (JSON).  REST is not suppoerted for external list.

Workflow – full trust – farm solution
Event receiver – full trust – farm solution.
External site use, high volumn, public-facing – overhead consideration – farm solution.

07/14/2011, 10:17PM

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: