This documentation is archived and is not being maintained.

Securing Isolated Storage

To control access to isolated storage, the common language runtime uses IsolatedStorageFilePermission objects. Each IsolatedStorageFilePermission object has properties that specify the following values:

The runtime demands this permission when code first attempts to open a store. It decides whether to grant IsolatedStorageFilePermission, based on how much the code is trusted. If the permission is granted, the allowed usage and storage quota values are determined by security policy and by the code's request for IsolatedStorageFilePermission. Security policy is set using .NET Framework Configuration Tool (Mscorcfg.msc). All callers in the call stack are checked to ensure that each caller has at least the appropriate allowed usage. The runtime also checks the quota imposed on the code that opened or created the store in which the file is to be saved. If these conditions are satisfied, permission is granted. The quota is checked again every time a file is written to the store.

Application code is not required to request permission because the common language runtime will grant whatever IsolatedStorageFilePermission is appropriate based on security policy. However, there are good reasons to request specific permissions that your application needs, including the IsolatedStorageFilePermission. For more information, see Requesting Permissions.

See Also

Types of Isolation | Allowed Usage and Security Risks