Contents
Can a web part be created in a sandbox?
Web Parts can also be created in a sandboxed solution. By default, a sandboxed solution has restricted access to the underlying system. This provides greater security and monitoring of the Web Part. For more information about sandboxed solutions, see Sandboxed Solutions in SharePoint 2010.
As explained in Sandboxed Solutions Architecture in SharePoint 2010, sandboxed code runs in a separate worker process from the standard Microsoft ASP.NET worker process, and it makes calls to a third, full-trust proxy process. This fact imposes some restrictions on sandboxed solutions regardless of the permissions of the sandboxed worker process.
Additionally, Microsoft Visual Studio 2010 can deploy solutions directly to the sandbox during development. Enabling sandboxed solutions in a SharePoint farm is simple because it requires enabling only a single Windows service, the User Code Service.
How is sharepoint.dll redirected in sandboxed worker process?
As explained in Sandboxed Solutions Architecture in SharePoint 2010, calls from code in the sandboxed worker process to the Microsoft.SharePoint.dll are redirected to a special version of that assembly. The special version is in some ways less privileged than other assemblies in the sandboxed worker process, but in other ways it is more privileged.
Why does the SharePoint Foundation use minimal permissions?
By default, SharePoint Foundation uses a minimal set of permissions in order to protect the server and underlying infrastructure from malicious code. If your Web Part needs greater access than what is provided in the minimal settings, there are a number of ways to increase the permissions of your Web Part, but only one is recommended.
SharePoint Foundation has built-in security policies built on top of the built-in security policies of ASP.NET. By default, SharePoint Foundation uses a minimal set of permissions in order to protect the server and underlying infrastructure from malicious code.
How can I increase access to my Web part?
If your Web Part needs greater access than what is provided in the minimal settings, there are a number of ways to increase the permissions of your Web Part, but only one is recommended. You can create a custom CAS policy for your Web Part, or increase the overall trust level of the server farm in the web.config file.