Types of Isolation

Access to isolated storage is always restricted to the user who created it. To implement this type of isolation, the common language runtime uses the same notion of user identity that the operating system recognizes, which is the identity associated with the process in which the code is running when the store is opened. This identity is an authenticated user identity, but impersonation can cause the identity of the current user to change dynamically.

In addition to isolation by user, access to isolated storage is restricted according to the identity associated with the application's domain and assembly, or with the assembly alone. The runtime obtains these identities in the following ways:

  • Domain identity represents the evidence of the application, which in the case of a Web application might be the full URL. For shell-hosted code, the domain identity might be based on the application directory path. For example, if the executable runs from the path C:\Office\MyApp.exe, the domain identity would be C:\Office\MyApp.exe.

  • Assembly identity is the evidence of the assembly. This might come from a cryptographic digital signature, which can be the assembly's strong name, the software publisher of the assembly, or its URL identity. If an assembly has both a strong name and a software publisher identity, then the software publisher identity is used. If the assembly comes from the Internet and is unsigned, the URL identity is used. For more information about assemblies and strong names, see Programming with Assemblies.

  • Roaming stores move with a user that has a roaming user profile. Files are written to a network directory and are downloaded to any computer the user logs into. For more information on roaming user profiles, see IsolatedStorageScope.Roaming.

By combining the concepts of user, domain, and assembly identity, isolated storage can isolate data in the following ways, each of which has its own usage scenarios:

Either of these isolations can be combined with a roaming user profile. For more information, see Isolation and Roaming.

The following illustration demonstrates how stores are isolated in different scopes.

Types of isolated storage

Isolation by user and assembly

Note that except for roaming stores, isolated storage is always implicitly isolated by computer because it uses the storage facilities local to a given computer.

See Also

Reference

Isolated Storage ScopeEnumeration

Concepts

Isolation by User and Assembly

Isolation by User, Domain, and Assembly

Isolated Storage and Roaming

Quotas for Isolated Storage

Securing Isolated Storage

Allowed Usage and Security Risks

Other Resources

Isolated Storage