Click here to Skip to main content
Click here to Skip to main content

Using Isolated Storage to Store Application User Data in the .NET Framework

, 16 Apr 2009 CPOL
Rate this:
Please Sign up or sign in to vote.
Using Isolated Storage to store application user data in the .NET Framework

Introduction

Most of our applications are installed under the local user account which has full-trust permissions. But what if we were to deploy the applications in a more secure environment, say an office where the administrator does not wish to grant you write access?

Well the .NET Framework provides a little less known feature called Isolated Storage to overcome such restrictions. The cool part of this feature is that the .NET Framework takes care of all the plumbing work of creating, fetching and reading the files. However the most important aspect of Isolated Storage is to overcome security limitations of applications writing data to the operating system. Your application will be able to write/read user data to/from the underlying O/S regardless of it running under partial, limited or full-trust mode when it uses Isolated Storage.

Overview

So how does it work? The framework creates stores in an isolated environment in which the application can create and use both files and directories. Further other applications will not have access to this store and two users on the same system will have different stores for the same application. It is very much like a virtual file system. 

Building Blocks

It uses the System.IO.IsolatedStorage namespace of the .NET Framework.

It makes use of the IsolatedStorageFile, IsolatedStorageFileStream classes. 

Using the Code 

The sample application creates and stores project files that contain a name and version. The UserStore.cs class does all of the heavy lifting and you can use this in your projects or even extend it for whatever other requirements you may have.

Screenshot.jpg

Let us take a look at the UserStore class. We must first grant permissions to the class that will use Isolated Storage. We can do this by using the following annotation with the class or method.

  [IsolatedStorageFilePermissionAttribute(SecurityAction.Demand)]
    public class UserStore

Then we need to instantiate an IsolatedStorageFile object called ifl:

 IsolatedStorageFile ifl;

        public UserStore()
        {
            ifl = IsolatedStorageFile.GetUserStoreForAssembly();
        }

Create the project files in the storage:

 public void createProject(string fname,string content)
        {           
            IsolatedStorageFileStream isf = new IsolatedStorageFileStream(fname+".prj",
 					FileMode.Create, ifl);
            StreamWriter sw = new StreamWriter(isf);
            sw.Write(content);
            sw.Close();

        }

Get files from the storage:

  public string[] getProjects() 
  {
             string []files = ifl.GetFileNames("*.prj");
             return files;
  } 

To read the contents of a file, create a IsolatedStorageFileStream and wrap it in a StreamReader:

  public string getProjectContents(string fname) 
  {
             IsolatedStorageFileStream isf = new IsolatedStorageFileStream(fname,
 						FileMode.Open, ifl);
             StreamReader sr = new StreamReader(isf);
             string content = sr.ReadToEnd();
             sr.Close();
             return content;
  }

Delete a file from the storage:

 public void deleteProject(string fname)
 {
            ifl.DeleteFile(fname);
 } 

Points of Interest

Isolated storage isn't a substitute for securing sensitive information. As you can see from the screen shot, the file location and contents of the file are easily accessible. I strongly recommend encrypting passwords and other sensitive data before storing them in the Isolated Storage area.

location.jpg

You can set quotas for space available to each user of the application by specifying it in the class annotation.

[assembly:IsolatedStorageFilePermissionAttribute
	(SecurityAction.Demand, UserQuota=5242880)] 

This is important from a Security Architecture point of view as you can benefit running under lower user privileges.

In the next article, I'd like to introduce Smart Clients. This will be a base for that article.

History

  • 16th April, 2009: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Ritesh Ramesh
Architect Infosolvex Solutions Inc
Australia Australia
Ritesh is an IT consultant with over ten years of experience in the IT industry varying from consultation, architecture, design, development to technical management. He has a strong background in solutions and applications architecture with a focus on Microsoft’s .Net platform. His area of expertise spans design and implementation of client/server, database and web-based systems. He has worked with C#, ASP.NET 1.1 and 2.0, ADO.NET, Web Services and SQL technology on several enterprise class projects.
 

 

Freedom is not worth having if it does not include the freedom to make mistakes.
Mahatma Gandhi

Comments and Discussions

 
GeneralHello PinmemberMember 466105826-Nov-10 4:15 
GeneralVery good article, only a small correction... PinmemberJustino_8-Oct-09 8:02 
GeneralGood article adn great find PinmemberDonsw16-May-09 13:19 
GeneralGreat information; thanks!! PinmemberDbMan175-May-09 8:55 
GeneralVery good PinmemberMember 281035916-Apr-09 23:35 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.1411022.1 | Last Updated 16 Apr 2009
Article Copyright 2009 by Ritesh Ramesh
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid