Appendix: Isolated Storage
What Is Isolated Storage?
Isolated storage is a Microsoft
®
.NET feature that is used for lightweight data
persistence. This appendix provides the explanation of isolated storage and then
describes the limitations of isolated storage. Also covered is using isolated
storage to persist user preferences and application state.
Isolated storage is an alternative to persistently storing data in a file or in a
database. When a Web application stores data in a file, the file name and
storage location must be chosen carefully. If the file name and storage location
are not chosen carefully, there is a possibility that the storage location will be
known to another Web application, which can then make the original Web
application vulnerable to attack. Isolated storage manages this problem by
providing a separate database storage mechanism that provides isolation by
defining standardized ways of associating code with saved data. In isolated
storage, data is stored in a logical storage compartment. Each storage
compartment is isolated by some aspects of the code's identity. These
identifying aspects of the code can include the application domain, assembly,
and user. For the developer, the actual location of the storage compartment is
transparent. Only the identity aspects are required to access the compartment.
Microsoft ASP.NET Web applications, by default, cannot use file input/output
(I/O). Isolated storage is useful in ASP.NET Web applications for storing user
preferences and application state.
Isolated storage is not a secure storage medium. Isolated storage is not
protected from highly trusted code, from unmanaged code, or from trusted
users.
Isolated storage should not be used to store configuration settings that an
administrator might want to control. Configuration files are a better location for

Finally, both the stream and the storage are closed, as shown in the following
code example:
[Visual Basic]
Dim store As IsolatedStorageFile
store = IsolatedStorageFile.GetStore( _
IsolatedStorageScope.User Or _
IsolatedStorageScope.Domain Or _
IsolatedStorageScope.Assembly, Nothing, Nothing)
store.CreateDirectory("Files")

Dim stream As IsolatedStorageFileStream
stream = New IsolatedStorageFileStream("settings.txt", _
FileMode.Create, store)

' Use the Write method to set the file's contents.
stream.Close()
store.Close()

[C#]
IsolatedStorageFile store =
IsolatedStorageFile.GetStore(IsolatedStorageScope.User |
IsolatedStorageScope.Domain |
IsolatedStorageScope.Assembly, null, null);
store.CreateDirectory("Files");

IsolatedStorageFileStream stream =
new IsolatedStorageFileStream("settings.txt",
FileMode.Create, store);
//
// Use the Write method to set the file's contents

[Domain]
<System.Security.Policy.Url version="1">
<Url>file://C:/Demos/IsoStore.exe</Url>
</System.Security.Policy.Url>

[Assembly]
<System.Security.Policy.Url version="1">
<Url>file://C:/Demos/IsoStore.exe</Url>
</System.Security.Policy.Url>

Size : 2048

StoreAdm.exe
THIS PAGE INTENTIONALLY LEFT BLANK