News

Running Custom Code in SharePoint? Not For Long...

As the end approaches for code-based sandbox support in SharePoint sites, Microsoft and third parties point to a few resources for inventorying sites that use it.

• By Kurt Mackie
• 08/11/2016

Microsoft published a few resources for SharePoint developers who want to inventory SharePoint sites that rely on code-based sandbox support, with the aim of having developers rid sites of it and instead start using SharePoint Add-ins or "remote-based API solutions."

Microsoft announced about two years ago that it was deprecating code-based sandbox support -- used to run custom code, such as adding extra functionality to InfoPath forms -- in SharePoint, and the end is approaching for such support. Microsoft wants developers to use of SharePoint Add-ins or "remote-based API solutions" instead. (Microsoft said it will still support the use of declarative or no-code solutions, such as JavaScript.)

Vesa Juvonen, a senior program manager for SharePoint engineering at Microsoft and a Microsoft Certified Master, points to a few resources, in a blog post. He wrote a "transformation guidance" MSDN article that explains the code-based sandbox approach and the steps to take to identify its use in SharePoint sites. It's an inventory approach to focus on the problem areas. From that point, organizations can perhaps eliminate the unused applications rather than going about building substitute solutions, he suggested.

Microsoft's planned deprecation also applies to SharePoint servers. While Microsoft had described its deprecation plans last month as applying to SharePoint Online, Juvonen noted in the MSDN article that "code-based sandbox solutions are also deprecated in SharePoint 2013 and in SharePoint 2016."

Microsoft is offering a script for SharePoint Online, which can be used to perform a sandbox inventory. The script can be downloaded from a link in Juvonen's blog post. However, Microsoft MVP Mark D. Anderson noted in a separate blog post that this script seems to just indicate sandbox use. It lacks the ability to indicate the use of managed code, which is the aspect that is getting deprecated.

Alternatively, organizations can use a free tool from Rencore, Sandboxed Solutions Inspector, that does a little more work than Microsoft's script. It will identify sandbox use with SharePoint Online tenants, but it also identifies the use of active code, showing which site elements are involved, according to a blog post from Erwin van Hunen, a product manager for transformation at Rencore.

Sandboxed Solutions Inspector carries out an additional step by detecting and automatically removing "empty code elements from the Sandboxed solutions." These empty code elements don't serve any purpose but they are "in every Sandboxed solution that was developed -- unless the developer took special action," van Hunen explained. The tool also flags solutions with complex assemblies and with no assemblies. Users get a report.

Organizations still need to upload the solutions again after running the Sandboxed Solutions Inspector tool, though, van Hunen said.

Microsoft has been working with Rencore on SharePoint patterns and practices as well as transformation guidance, according to a Rencore video featuring Juvonen. He said in that video that organizations have "30 days" before Microsoft will pull the plug on code-based sandbox support in SharePoint. Juvonen added, though, that it's presently not possible right now to activate any new coded sandbox solutions in SharePoint sites.

Rencore's tool works in a "slightly more detailed way" than Microsoft's own script for discovering sandbox use, Juvonen noted. Users don't need to know how to use PowerShell to use Rencore's tool, he added.