Hands-On Lab: Developing Sandboxed Solutions For Web Parts
Overview
Lab Time: 20 minutes
Lab Overview: The support for sandboxed solutions provides an important new deployment mechanism for SharePoint. Because the development methodology is the same as for full farm solutions, the key focus is not on what to build, but on what can be built. In this lab exercise you will construct a basic Web Part that calls into the SharePoint API to retrieve some information. Next, it will try to use SPSecurity to elevate privileges. The third and last action is an attempt to initiate an HTTP connection to an external site.
Figure 1 Adding a web part
5. Using the Solution Explorer, expand Features, right-click Feature1 and choose View Designer. In the designer that appears, verify the Scope. It should be set to Site. (In this context, site means site collection.)
Figure 2 Change the feature scope
6. In the WebPart1.cs tab, locate the WebPart1 class. Now add the following code to the CreateChildControls method:
C#
protected override void CreateChildControls()
{
    // Label that shows the result of each test
    Label message = new Label();
    Controls.Add(message);
    Controls.Add(new WebControl(HtmlTextWriterTag.Br));

    // Test 1: read from the SharePoint object model
    Button testButton1 = new Button();
    testButton1.Text = "Test 1";
    testButton1.Click += delegate
    {
        message.Text = String.Format("This site contains {0} lists",
            SPContext.Current.Web.Lists.Count);
    };
    Controls.Add(testButton1);
}
This code calls into the SharePoint object model and returns the number of lists found in the current web site.
7. In the WebPart1 class, add the following code to the CreateChildControls method that you added earlier. This code will use the SPSecurity object.
Note: If you manually type SPSecurity, Visual Studio's IntelliSense does not recognize it as a valid object, but once you type the entire line out, Visual Studio won't add the red squiggly underline that indicates a syntax error. This is because when creating sandboxed solutions you are still building against the full SharePoint object model, but Visual Studio uses a different IntelliSense file to help the developer know which objects will not be accessible when the component runs in the sandbox.
C#
protected override void CreateChildControls()
{
    // CODE OMITTED FOR BREVITY
    Controls.Add(testButton1);

    // Test 2: attempt to elevate privileges through SPSecurity
    Button testButton2 = new Button();
    testButton2.Text = "Test 2";
    testButton2.Click += delegate
    {
        try
        {
            SPSecurity.RunWithElevatedPrivileges(
                delegate
                {
                    using (SPSite siteCollection = new SPSite(SPContext.Current.Site.ID))
                    {
                        SPWeb site = siteCollection.OpenWeb(SPContext.Current.Web.ID);
                        message.Text = String.Format(
                            "This site contains {0} lists",
                            site.Lists.Count);
                    }
                });
        }
        catch (Exception e)
        {
            // Show the failure in the web part instead of an error page
            message.Text = e.Message;
        }
    };
    Controls.Add(testButton2);
}
This code uses the RunWithElevatedPrivileges method to run under a higher security context.
8. In the WebPart1 class, add the following code to the CreateChildControls method that you added earlier.
C#
protected override void CreateChildControls()
{
    // CODE OMITTED FOR BREVITY
    Controls.Add(testButton1);
    // CODE OMITTED FOR BREVITY
    Controls.Add(testButton2);

    Button testButton3 = new Button();
    testButton3.Text = "Test 3";
    testButton3.Click += delegate
    {
        try
        {
This code uses a standard Web request. When this web part is tested, you will see whether this type of call is allowed or not.
Now that the code has been added for the three buttons, you will deploy and test out this web part.
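Added example, not the lab's own code: one way to write the Test 3 handler described above so that the message tells a code access security denial apart from an ordinary network failure. ExternalCallProbe, Probe, CreateTestButton and the TargetUrl placeholder are assumed names and values that do not come from the lab.

```csharp
using System;
using System.Net;
using System.Security;
using System.Web.UI.WebControls;

// Added example; ExternalCallProbe and its members are hypothetical names.
public static class ExternalCallProbe
{
    // Placeholder (assumption): the lab's real target URL is not shown on the page.
    public const string TargetUrl = "http://external-site.example/";

    // Attempts an outbound HTTP GET and reports which layer stopped it.
    public static string Probe(string url)
    {
        try
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.Timeout = 5000; // milliseconds
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                return String.Format("Allowed: HTTP {0} from {1}",
                    (int)response.StatusCode, url);
            }
        }
        catch (SecurityException e)
        {
            // A failed System.Net.WebPermission demand surfaces here.
            return "Blocked by code access security: " + e.Message;
        }
        catch (WebException e)
        {
            // The permission demand passed, but the request itself failed.
            return String.Format("Network failure ({0}): {1}", e.Status, e.Message);
        }
    }

    // Builds the third button; call from CreateChildControls with the shared label.
    public static Button CreateTestButton(Label message)
    {
        Button testButton3 = new Button();
        testButton3.Text = "Test 3";
        testButton3.Click += delegate { message.Text = Probe(TargetUrl); };
        return testButton3;
    }
}
```

In CreateChildControls, Controls.Add(ExternalCallProbe.CreateTestButton(message)) adds the button after testButton2.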
9. On the Build menu, select Build Solution. This will compile your web part.
10. On the Build menu, select Package. This will have Visual Studio generate a WSP solution package.
11. Open up Windows Explorer and navigate to the C:\HOL\SharePoint\Sandbox\bin\debug folder. Confirm that you find the compiled WSP package named SandboxedWebPart.wsp.
12. Open up Internet Explorer and navigate to http://microsoft.futureofproductivity.com/sites/bvluserxxx, where bvluserxxx is your login name.
13. Inside SharePoint, click Site Actions, then Site Settings.
14. In the Galleries category, click Solutions.
15. Just above the ribbon, click Solutions (next to Library) and then click Upload Solution in the ribbon.
16. In the Upload Solution dialog box, browse to the C:\HOL\SharePoint\Sandbox\bin\debug folder and select the SandboxedWebpart.wsp file. Click the OK button to upload this file to the Solution gallery.
17. When prompted to Activate Solution, click the Activate button in the ribbon. This will activate the feature inside the solution package for the site collection.
18. In the breadcrumb, click Team Site to return to the home page.
19. On the ribbon, select the Page tab and choose the Edit button in the ribbon.
20. Click the Insert tab in the Editing Tools tab group.
21. Click the Web Part button in order to show the Web Part pane.
22. On the Web Part pane, select the Custom group, then select WebPart1 and click the Add button.
23. On the ribbon, click the Save & Close button to stop editing the page.
Figure 3 Add the web part to the home page
24. On WebPart1, click the Test 1 button in order to test calling into the object model for the current site collection. The page should refresh, displaying a message that shows how many lists are in the current site:
Figure 4 Execute the Test 1 button
Calling into the SharePoint object model is allowed from sandboxed web parts.
25. On WebPart1, click the Test 2 button in order to test the call to SPSecurity.
26. Notice that an exception is thrown. It shows that this Web Part, which is running in the sandbox, cannot include a reference to the SPSecurity type:
Figure 5 Security exception
Calling into SPSecurity is not allowed from sandboxed web parts.
27. In the breadcrumb, click Team Site to reset the web part to the initial view.
28. On WebPart1, click the Test 3 button in order to test creating an HTTP connection.
29. Notice that an exception is thrown because the sandbox runs under a special CAS policy that blocks all System.Net.WebPermission demands, such as the one the HttpWebRequest object makes.
Figure 6 A Permission exception
Making external HTTP calls is not allowed from sandboxed web parts.
In this exercise, you created a web part that was configured to deploy as a sandboxed solution. You then uploaded and activated the WSP package. Finally, you tested various types of code to see what is and is not allowed to run from the sandbox.