Visual Web Parts are a nice addition for SharePoint 2010 developers. A Visual Web Part is essentially SmartPart revisited and is one of the project types of the new SharePoint extensions for Visual Studio 2010. Sandboxing is one of the most interesting features of SharePoint 2010, especially for large scale implementations and hosting providers. The Sandboxing feature, or User Code Solution, allows you to easily upload a SharePoint feature into your farm into a special controlled environment – called a Sandbox. These Sandboxed features can be controlled by the SharePoint administrators so that they do not consume to much resources and automatically disable them if the exceed their limits. Sandboxed solutions also have severe security restrictions – you cannot access all objects or resources that you would like.
Visual Web Parts
The Visual Web Parts allows the developers to create and build Web Parts in a typical Microsoft manner using drag-and-drop. This will allow for better acceptance from the ASP.NET developers who are aiming for a SharePoint developers status (one notch up the ladder :-). It’s not rocket science, and all of use who knows about the excellent SmartPart are glad to see it finally supported out of the box. What happens really is that the WebPart class will load a User Control in the Web Parts CreateChildControls() method and this user control is what you can drag and drop your controls to. The Visual Studio interface nicely makes these operations seamless and takes care of all the wiring for deployment.
The Visual Web Parts will, for good and bad, make more developers creating Web Parts. In previous versions of SharePoint we had to manually create our Web Parts – which led to either really good code or really bad code (if you didn’t understand how ASP.NET and SharePoint really worked). But with Visual Web Parts I think we will see more ugly-code solutions rapidly developed – fortunately I see some room for some hard core Web Part development experience.
Sandboxed Web Parts
Since you can Sandbox your SharePoint solutions some of you by now feel pretty safe; ok, what if I get bad code – they are running in my sandbox so I just throttle the solution. This is not really the case – Visual Web Parts cannot be Sandboxed!
Since a Visual Web Part loads a User Control (.ascx) from the SharePoint Root it needs access to run the ASP.NET method LoadControl and file system access to the ControlTemplates folder in the SharePoint Root – and this is not allowed by a Sandboxed Solution, and we are back on square on and have to use the manual Web Part creation mode.
I think this is reasonable; for instance if we are to deploy a Sandboxed solution to SharePoint Online – I doubt that Microsoft (or any other host) would like us to deploy stuff into the SharePoint Root (unless we are on a dedicated machine) and there are several more reasons.
Proof of Concept
Just to show for you how it all works and how I first discovered it, and this is still asked on Twitter.
When you create a new project in Visual Studio 2010 it asks you if this project is going to be a Sandboxed or Full-trust solution, but when you choose the Visual Web Part template the Sandboxed option is disabled, so Visual Studio 2010 already there prohibits you from creating Sandboxed Visual Web Parts.
But what happens if we make a manual Visual Web Part/SmartPart? If we create an empty SharePoint Project and then choose Sandboxed solution.
Then we add a normal Web Part as a new project item, add a user control to the the mapped SharePoint folder ControlTemplates, this will make our solution look like this.
Finally we add some code to load the user control.
And then when we try to package and deploy it we get a few errors, already here Visual Studio tells us that this can’t be done.
You can even try to manually create a WSP and deploy it to SharePoint to see what happens, but I leave that exercise to you…
I hope that you by know get the idea about why Visual Web Parts cannot be Sandboxed, and that you (unlike me) don’t try to get Visual Studio 2010 to be able to create Sandboxed Web Parts.