Isolated Storage

Isolated storage is a data storage mechanism that provides isolation and safety by defining standardized ways of associating code with saved data. Standardization provides other benefits as well. Administrators can use tools designed to manipulate isolated storage to configure file storage space, set security policies, and delete unused data. With isolated storage, your code no longer needs unique paths to specify safe locations in the file system, and data is protected from other applications that only have isolated storage access. Hard-coded information that indicates where an application's storage area is located is unnecessary.

This topic contains the following sections:

• Data Compartments and Stores

• Secure Access

• Isolated Storage Locations

• Creating, Enumerating, and Deleting Isolated Storage

• Scenarios for Isolated Storage

• Related Topics

• Reference

Data Compartments and Stores

When an application stores data in a file, the file name and storage location must be carefully chosen to minimize the possibility that the storage location will be known to another application and, therefore, will be vulnerable to corruption. Without a standard system in place to manage these problems, developing ad hoc techniques that minimize storage conflicts can be complex and the results can be unreliable.

With isolated storage, data is always isolated by user and by assembly. Credentials such as the origin or the strong name of the assembly determine assembly identity. Data can also be isolated by application domain, using similar credentials.

When using isolated storage, applications save data to a unique data compartment that is associated with some aspect of the code's identity, such as its publisher or signature. The data compartment is an abstraction, not a specific storage location; it consists of one or more isolated storage files, called stores, which contain the actual directory locations where data is stored. For example, an application might have a data compartment associated with it, and a directory in the file system would implement the store that actually preserves the data for that application. The data saved in the store can be any kind of data, from user preference information to application state. For the developer, the location of the data compartment is transparent; stores usually reside on the client, but a server application could use isolated stores to store information by impersonating the user on whose behalf it is functioning. Isolated storage can also store information on a server with a user's roaming profile so that the information will travel with the roaming user.

Back to top

Secure Access

Using isolated storage enables partially trusted applications to store data in a manner that is controlled by the computer's security policy. This is especially useful for downloaded components that a user might want to run cautiously. Security policy rarely grants this kind of code permission to access the file system using standard I/O mechanisms. However, by default, code running from the local computer, a local network, or the Internet is granted the right to use isolated storage.

Administrators can limit how much isolated storage an application or a user has available, based on an appropriate trust level. In addition, administrators can remove a user's persisted data completely. To create or access isolated storage, code must be granted the appropriate IsolatedStorageFilePermission.

To access isolated storage, code must have all necessary native platform operating system rights. For example, on Windows 2000 the access control lists (ACLs) that control which users have the rights to use the file system must be satisfied. .NET Framework applications already have operating system rights to access isolated storage unless they perform (platform-specific) impersonation. In this case, the application is responsible for ensuring that the impersonated user identity has the proper operating system rights to access isolated storage. This access provides a convenient way for code that is run or downloaded from the Web to read and write to a storage area related to a particular user.

Back to top

Isolated Storage Locations

Sometimes it is helpful to verify a change to isolated storage by using the file system of the operating system. Developers might also need to know the location of isolated storage files. This location is different depending on the operating system. The following table shows the root locations where isolated storage is created on a few common operating systems. Look for Microsoft\IsolatedStorage directories under this root location. You must change folder settings to show hidden files and folders in order to see isolated storage in the file system.

Operating system	Location in file system
Windows 98, Windows Me - user profiles not enabled	Roaming-enabled stores = <SYSTEMROOT>\Application Data NonRoaming stores = WINDOWS\Local Settings\Application Data
Windows 98, Windows Me - user profiles enabled	Roaming-enabled stores = <SYSTEMROOT>\Profiles\<user>\Application Data Nonroaming stores = Windows\Local Settings\Application Data
Windows NT 4.0	<SYSTEMROOT>\Profiles\<user>\Application Data
Windows NT 4.0 - Service Pack 4	Roaming-enabled stores = <SYSTEMROOT>\Profiles\<user>\Application Data Nonroaming stores = <SYSTEMROOT>\Profiles\<user>\Local Settings\Application Data
Windows 2000, Windows XP, Windows Server 2003 - upgrade from Windows NT 4.0	Roaming-enabled stores = <SYSTEMROOT>\Profiles\<user>\Application Data Nonroaming stores = <SYSTEMROOT>\Profiles\<user>\Local Settings\Application Data
Windows 2000 - clean installation (and upgrades from Windows 98 and Windows NT 3.51)	Roaming-enabled stores = <SYSTEMDRIVE>\Documents and Settings\<user>\Application Data Nonroaming stores = <SYSTEMDRIVE>\Documents and Settings\<user>\Local Settings\Application Data
Windows XP, Windows Server 2003 - clean installation (and upgrades from Windows 2000 and Windows 98)	Roaming-enabled stores = <SYSTEMDRIVE>\Documents and Settings\<user>\Application Data Nonroaming stores = <SYSTEMDRIVE>\Documents and Settings\<user>\Local Settings\Application Data
Windows Vista	Roaming-enabled stores = <SYSTEMDRIVE>\Users\<user>\AppData\Roaming Nonroaming stores = <SYSTEMDRIVE>\Users\<user>\AppData\Local

Back to top

Creating, Enumerating, and Deleting Isolated Storage

Three main classes are provided to help you perform tasks that involve isolated storage:

• IsolatedStorageFile, which derives from IsolatedStorage, provides basic management of stored assembly and application files. An instance of the IsolatedStorageFile class represents a single store located in the file system.

• IsolatedStorageFileStream, which derives from System.IO.FileStream, provides access to the files in a store.

• IsolatedStorageScope is an enumeration that enables you to create and select a store with the appropriate isolation type.

The isolated storage classes enable you to create, enumerate, and delete isolated storage. The methods for performing these tasks are available through the IsolatedStorageFile object. Some operations require you to have the IsolatedStorageFilePermission that represents the right to administer isolated storage; you might also need to have operating system rights to access the file or directory. On Microsoft Windows NT, Microsoft Windows 2000, Windows XP, and Windows Vista, access control list (ACL) settings on the file can prevent you from accessing isolated storage. The Isolated Storage tool, Storeadm.exe, can also be used for simple store management such as listing or deleting all the stores for the current user.

For a series of examples that demonstrate common isolated storage tasks, see the how-to topics listed in Related Topics. Each example has a source file that illustrates one specific task. Instructions for setting up, compiling, and running are included on the main page of each example. The examples are provided in C# only.

Back to top

Scenarios for Isolated Storage

Isolated storage is useful in many situations. Five of the most readily identifiable scenarios are described as follows:

• Downloaded controls. Managed code controls downloaded from the Internet are not allowed to write to the hard drive through normal I/O classes, but they can use isolated storage to persist users' settings and application states.

• Shared component storage. Components that are shared between applications can use isolated storage to provide controlled access to data stores.

• Server storage. Server applications can use isolated storage to provide individual stores for a large number of users making requests to the application. Because isolated storage is always segregated by user, the server must impersonate the user making the request. In this case, data is isolated based on the identity of the principal, which is the same identity the application uses to distinguish between its users.

• Roaming. Applications can also use isolated storage with roaming user profiles. This allows a user's isolated stores to roam with the profile.

Although isolated storage is well suited to the scenarios described previously, there are a few cases in which you should not use isolated storage:

• Do not use isolated storage to store high-value secrets, such as unencrypted keys or passwords, because isolated storage is not protected from highly trusted code, from unmanaged code, or from trusted users of the computer.

• Do not use isolated storage to store code.

• Do not use isolated storage to store configuration and deployment settings, which administrators control. (User preferences are not considered to be configuration settings because administrators do not control them.)

Many of today's applications use a database to store and isolate data, in which case one or more rows in a database might represent storage for a specific user. You might choose to use isolated storage instead of a database when the number of users is small, when the overhead of using a database is significant, or when no database facility exists. Also, when the application requires storage that is more flexible and complex than what a row in a database provides, isolated storage can provide a viable alternative.

Back to top

Related Topics

Title	Description
Types of Isolation	Describes the different types of isolation.
How to: Obtain Stores for Isolated Storage	Provides an example of using the IsolatedStorageFile class to obtain a store isolated by user and assembly.
How to: Enumerate Stores for Isolated Storage	Shows how to use the IsolatedStorageFile.GetEnumerator method to calculate the size of all isolated storage for the user.
How to: Delete Stores in Isolated Storage	Shows how to use the IsolatedStorageFile.Remove method in two different ways to delete isolated stores.
How to: Anticipate Out-of-Space Conditions with Isolated Storage	Shows how to measure the remaining space in an isolated store.
How to: Create Files and Directories in Isolated Storage	Provides some examples of creating files and directories in an isolated store.
How to: Find Existing Files and Directories in Isolated Storage	Demonstrates how to read the directory structure and files in isolated storage.
How to: Read and Write to Files in Isolated Storage	Provides an example of writing a string to an IsolatedStorageFile and reading it back.
How to: Delete Files and Directories in Isolated Storage	Demonstrates how to delete isolated storage files and directories.
File and Stream I/O	Explains how you can perform synchronous and asynchronous file and data stream access.

Back to top

Reference

System.IO.IsolatedStorage.IsolatedStorage