Enabling user (sandboxed) code in SharePoint 2010


With SharePoint 2010 Microsoft has added the ability to run code in a more protected and limited environment than the fully-trusted farm deployment level. This allows individual site owners to install third-party code without risking the stability and integrity of the entire SharePoint server farm or even an individual server.

As you’d expect, there are certain things you won’t be able to do from the sandbox, such as access the filesystem or use .ascx user controls in your web parts. However, the added control over the code can make this tradeoff worth it if you can deal with the limitations.

I’m going to show a few points of configuration for the user code service in this post. The user code service is the mechanism by which SharePoint runs the sandboxed code. In normal non-sandbox code execution, the third-party code runs in-process with the rest of SharePoint in the ASP.NET w3wp.exe process. As you probably know, this is the familiar ASP.NET worker process that forms the actual IIS application pool that runs our .NET code within IIS. In order to isolate the sandbox from this main SharePoint process, Microsoft has another process that is hosted outside of IIS completely. In order to do this, there is a Windows service called the SharePoint 2010 User Code Host. The short name of the service is SPUserCodeV4 and the process name is SPUCHostService.exe.

Windows services console

This process also spawns two other processes, SPUCWorkerProcess.exe and SPUCWorkerProcessProxy.exe. We can attach a debugger to SPUCWorkerProcess.exe in order to debug user code.

Process Explorer showing the process hierarchy of SPUCHostService

Ok, now that we know a bit about how the code is run on the server at the OS level, we need to look at one more thing. Under the SharePoint central administration site we can go to the server and look at all of the services that are running on the machine.

SharePoint service administration console

Although we can start and stop the service directly in Windows, the SharePoint management console will not always stay in sync with whether the service is actually running. It is better to manage the services through the central administration console, as stopping the service there will also set its startup type to “Disabled” so that the service does not start back up on a server reboot.

Hopefully this gives you a bit more background on the sandbox or user code service in SharePoint 2010.


No Responses Yet to “Enabling user (sandboxed) code in SharePoint 2010”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: