Developing SharePoint Online Solutions

SharePoint Online provides a robust, flexible development surface for developers to create custom solutions, using a core subset of the development options available when developing against SharePoint on-premises.

Applies to: SharePoint Designer 2010 | SharePoint Foundation 2010 | SharePoint Server 2010

In this article
Developing SharePoint Online Solutions
Developing for SharePoint OnlineUsing Sandboxed Solutions
Accessing SharePoint Online Data Through the Client Object Models

Available in SharePoint Online

Because SharePoint Online administrators own and administer site collections in SharePoint Online, instead of entire farm installations, the development approach to SharePoint Online is necessarily scoped to the site collection.

Developing SharePoint Online Solutions

Because development in SharePoint Online is scoped to the site-collection level, two developer features form the foundation of creating custom SharePoint Online solutions:

  • Sandboxed solutions   Sandboxed solutions provide a framework for developers to create, and for SharePoint Online administrators to upload and activate, custom code solutions to SharePoint Online. Sandboxed solutions run in an environment that has access to a core subset of the server object model. The sandboxed solutions framework gives developers access to the major objects at and below the site collection level.

  • Client object model   The client object models provide three parallel and comparable representations of the core objects in the server-side SharePoint object model: a Microsoft .NET Framework managed model, a Microsoft Silverlight model, and an ECMAScript (JavaScript, JScript) model. This client object models provide remote access to SharePoint data and functionality.

    In addition, you can use client-side code to access the web services that SharePoint Online makes available and external data sources. Because of this, client-side code is a useful option if you must access either objects beyond those included in sandboxed solutions but that are available through a SharePoint Online web service, or external data.

Figure 1 shows these development options:

  • Use the server object model available to sandboxes solutions.

  • Employ the client object model and client-side code to access additional data that is available through the SharePoint web services, or data from external sources.

Notice that the SharePoint Web Part actually runs in SharePoint Online. However, the client-side code it references is downloaded to and executes on the client, employing the SharePoint client object model to connect back to SharePoint Online for data transfer.

Figure 1. SharePoint Online development options

Development options in SharePoint Online

Developing for SharePoint OnlineUsing Sandboxed Solutions

For SharePoint Online development, you use the same framework to package and deploy your custom-coded solutions that you would for an on-premises SharePoint installation: the solutions framework. When developing for SharePoint Online, you create a specific type of solution, known as a sandboxed solution. A sandboxed solution enables SharePoint Online administrators to upload their own custom code solutions.

A sandboxed solution works in much the same way as a farm (full-trust) solution. For example, sandboxed solutions enable you to bundle all the components that can be used to extend SharePoint Online into a single new file, which is known as a solution file. A sandboxed solution is a deployable, reusable package that can contain a set of Features, site definitions, and assemblies that apply to sites, and that you can enable or disable individually. You can use the sandboxed solution file to deploy the contents of a Web Part package, including assemblies, class resources, Web Part description (.dwp) files, and other package components.

Sandboxed solutions differ from farm solutions primarily in how they are deployed, and the extent of access they have to the server object model. Sandboxed solutions run in a separate process that has access to a core subset of the server object model. A solution gallery is used to store all sandboxed solutions. In addition, sandboxed solutions are assigned a custom code access security (CAS) policy.

For information about the capabilities and elements that are available for use in sandboxed solutions, CAS policy for sandboxed solutions, and resource monitoring of sandboxed solutions, see Sandboxed Solutions Architecture in SharePoint 2010.

For a list of the server object model types and members available in sandboxed solutions, see Microsoft.SharePoint.dll APIs That Are Available from Sandboxed Solutions.

SharePoint Online Solution Development Process

The following are the basic steps in the process of creating, deploying, and activating a sandboxed solution on SharePoint Online:

  1. Develop and test the solution.

    To create or customize SharePoint Online solutions, you must develop the solution on a local computer where SharePoint Server 2010 or SharePoint Foundation 2010 is installed. This includes debugging the solution; you will not be able to debug the solution directly from SharePoint Online.

    After you set up your development environment, you can use Visual Studio 2010 to create your sandboxed solutions. As a tool for promoting rapid development of SharePoint solutions, Visual Studio 2010 provides such features as advanced debugging tools, IntelliSense, statement completion, and project templates. Visual Studio 2010 provides a range of specialized templates for creating SharePoint items to include in your sandboxed solutions. In addition, Visual Studio 2010 can open and edit solution package (.wsp) files that are created in SharePoint Designer 2010, enabling designers and developers to tightly collaborate on solutions through a common framework.

    For more information about setting up your development environment, including hardware recommendations, operating system and Hyper-V options, and prerequisites, see Setting Up the Development Environment for SharePoint 2010 on Windows Vista, Windows 7, and Windows Server 2008.

    For information about how to use and customize Visual Studio 2010 to maximize your efficiency, see Using Visual Studio for SharePoint Development.

  2. Deploy and activate the solution.

    After you create and debug your sandboxed solutions on your local computer, you must hand that solution off to your SharePoint Online administrator, if you do not have SharePoint Online administration permissions. The SharePoint Online administrator uploads the solution package (.wsp) file to the Solution Gallery for activation.

    For more information, see the child topics linked to in What Can Be Implemented in Sandboxed Solutions in SharePoint 2010.

    To make the solution available to users, you must activate it. If your sandboxed solution package contains a Feature that is scoped to the site collection level, it is activated automatically. Any Feature that is scoped to the site level must be activated on the Manage site features page located at https://servername/site/subsite/_layouts/managefeatures.aspx.

  3. Monitor the activitated solution.

    Activated solutions are monitored in terms of the resources they consume. Solution performance can be monitored by using multiple types of measures including CPU execution time, memory consumption, and database query time.

Figure 2 shows the main steps of the sandboxed solution development process for SharePoint Online.

Figure 2. Sandboxed solution development in SharePoint Online

Sandboxed solution development process

For a reference implementation of a sandboxed solution, see Reference Implementation: The Sandbox Execution Model.

For training on sandboxed solutions, see Sandboxed Solutions on Channel 9.

Additional Solution Restrictions in SharePoint Online

Because it is a multi-tenant environment, when you upload a sandboxed solution to the Solution Gallery, SharePoint Online performs a further round of validation checks, in addition to those performed by on-premise SharePoint installations. A sandboxed solution cannot be activated if it contains code calling any of the following namespaces:

In addition, the following types and members cannot be called from code in a sandboxed solution in SharePoint Online:

Accessing SharePoint Online Data Through the Client Object Models

SharePoint Online includes three client object models, each of which provides roughly the same subset of the server object model that is defined in Microsoft.SharePoint.dll. The JavaScript, .NET Framework managed, and Silverlight client object models each include objects that correspond to major objects at the site-collection level or lower in the SharePoint hierarchy. The object models provide a consistent and easy-to-use, object-oriented system for interoperating with SharePoint data from a remote client or server.

Because code written against the client object models runs remotely on the client, it is not subject to the same restrictions as sandboxed solutions, and can, for example, access external data sources.

To improve security and performance, the client object models contain only the most relevant APIs for client development, not all the types and members that are represented in the server object model. Limiting the size of the client libraries reduces the amount of time that is required to download the libraries in the Silverlight and JavaScript contexts. In addition, the new APIs are designed to minimize the number of roundtrips that must be implemented for common actions.

The client object models are provided through proxy .js files and managed .dll files, which can be referenced in custom applications just as other object models. The object models are implemented as a Windows Communication Foundation (WCF) service, but they use web bindings to implement efficient request batching. All operations are inherently asynchronous, and commands are serialized into XML and sent to the server in a single HTTP request. For every command, a corresponding server object model call is made, and the server returns a response to the client in compacted JavaScript Object Notation (JSON) format, which the proxy parses and associates with appropriate objects.

Figure 3 shows the call and response flow for client object models.

Figure 3. SharePoint client object models architecture

SharePoint client object models architecture

Programs running on the client, and using one of the client object models, can add and remove lists, add, update, and delete list items, modify documents in document libraries, create sites, manage permissions of items, add and remove Web Parts from a page, and much more.

Some supported development areas include:

  • Site collections and sites

  • Lists, list items, views, and list schemas

  • Files and folders

  • Web, list, and list item property bags

  • Web Parts

  • Security

  • Content types

  • Site templates and site collection operations


Currently, you can only access SharePoint Online content programmatically by using Office ID credentials. You cannot programmatically access SharePoint Online content using users credentials from an on-premise domain, such as those imported using the DirSync tool.

Using the Silverlight Client Object Model in SharePoint Online

You can use Silverlight, and the Silverlight client object model, to create rich, sophisticated applications within SharePoint Online. You can host your Silverlight (.xap) application in its own .aspx page, or in a Web Part. SharePoint Online includes a default Silverlight Web Part, or you can create a custom Web Part as part of a sandboxed solution.

To use the SharePoint Silverlight object model within a Silverlight Web Part, you can create a Silverlight application in Visual Studio 2010, and add your code to the Page class in the default Page.xaml.cs file of your project. After you build your project, upload the project's application package (.xap) file to any document library you choose. Insert a Silverlight Web Part into a Web Parts page and point the URL source of the Web Part to the .xap file's path location in the document library. The Web Part can contain custom properties that are sent to Silverlight via the InitParameters property.

Use forms-based authentication (FBA) to authenticate users against SharePoint Online.

In addition, you can use Visual Studio 2010 to create a single solution (.wsp) file that performs the following actions when deployed and activated:

  • Deploys a Web Part, based on the default Silverlight Web Part, to host your Silverlight application

  • Deploys the Silverlight application package (.xap) file, packaged as a module, to the specified document library location

  • Creates pages, which contain your Web Part embedded in them, in the site pages collection

After the solution is activated, the user can navigate to the created pages and interact with the Web Part hosting the Silverlight application. The application itself can make use of the SharePoint Silverlight object model to access SharePoint Online data remotely, even though it appears to the user to be hosted within SharePoint Online.

Using the ECMAScript Object Model in SharePoint Online

You can employ the JavaScript object model in SharePoint Online in a similar way. You can include custom code that uses the JavaScript object model within a script block on an .aspx page, or you can create a separate .js file to include your code and reference it from the .aspx page. For more information, see Setting Up an Application Page for JavaScript.

Read More About SharePoint Client Object Models

For a more detailed introduction to the client object models, see Using the SharePoint Foundation 2010 Managed Client Object Model. For detailed technical information and implementation instructions, see the following sections in the SharePoint 2010 SDK:

For information about creating Silverlight client applications, see Using the Silverlight Object Model and How to: Use a SharePoint Project to Deploy a Silverlight Application.

For a reference implementation example of using the SharePoint client object models, see Reference Implementation: Client.

For API reference information, see Client Class Library and JavaScript Class Library.

For training on the SharePoint client object models, see Client Object Model on Channel 9.

See Also


Customizing SharePoint Online Using SharePoint Designer 2010

Developing SharePoint Online Solutions

Web Services in SharePoint Online

SharePoint Online Developer Feature Availability Matrix

SharePoint Online Quick Links

Other Resources

SharePoint Online General Reference

Sandboxed Solutions Architecture in SharePoint 2010

Microsoft.SharePoint.dll APIs That Are Available from Sandboxed Solutions

Using the SharePoint Foundation 2010 Managed Client Object Model

Using the Silverlight Object Model

Setting Up an Application Page for JavaScript

SharePoint 2010 Client Object Model

SharePoint 2010 Client Object Model Guidelines

Common Programming Tasks in the Managed Client Object Model

Client Class Library

JavaScript Class Library

SharePoint Online Developer Resource Center