SP 2010 – Sandbox Solutions – Mysterious but truly awesome

So SP 2010 is out and we have finally got hold of the new version of SharePoint. Among the new features is the exciting feature – Sandbox solutions.

In MOSS one of the pain points with the WSP was the fact that it was a farm level deployment and it was difficult to control it across site collections which were not relevant to the code deployed. In comes the messiah – sandbox solution. It gives us the control to deploy the Sandbox solution at the SPSite level or the site collection level. But here is not where the good news ends. This also provides a platform to deploy safe solutions. . The infrastructure will be used to limit the security vulnerabilities of sandboxed solutions through a combination of a subset representation of the object model and a Code Access Security (CAS) policy.

And above all the sandbox solution allows you to help administrators monitor untrusted code; the monitoring infrastructure includes the ability for site collection administrators to self-administer user solutions and provides a way, in aggregate, to limit the resources used by solutions. The monitoring will collect as many metrics as possible, aggregate those metrics per solution and per site collection, calculate a single overarching metric, and enforce a resource quota that is based on the metric.

A large array of measures of resource consumption will be tracked. They include the following:

·         CPU execution time

·         Memory consumption

·         SQL query time

·         Abnormal termination

·         Critical exceptions

·         Unhandled exceptions

·         Data Marshalling size


As I discussed above the functionality or API’s exposed are restricted. Among the functionality not allowed are:

1.       SPRunWithElevated Functionality.

2.       File IO are not allowed.

3.       Any functionality where you access the OM above the SPSite level is not allowed. E.g. SPVirtualServer, etc.

4.       Querying protected data using SPQuery

5.       Calling a CAS Secured method

More on this in my next bog post.

Skip to main content