While it is challenging to develop software that meets user requirements,
it is equally vital to protect the data handled by the application
with the right level of security. This is even more important
for internet-based applications.
Most of the time, the data an application instance saves describes
its state, and sometimes includes other essential data such as user credentials,
code, and application-specific complex data. This data can be highly vulnerable
to corruption and to unauthorized access by harmful programs like
viruses. To prevent such events and provide a lucid way of granting access
to store information with limited security and high reliability, the .NET
Framework introduced the concept of Isolated Storage.
Isolated Storage is mainly designed to improve the security of application
data, so that the application does not store and retrieve it on an ad hoc
basis. It provides a standard system for storage
and retrieval of data without any conflict among the applications executing
on the computer system. It enables the application to run under partial,
limited or full trust. With this, there is no need to grant access
rights to the user or the application for storing data in a specific file
or folder on the hard disk. It also provides an easy alternative
to storing such data in a database, which can bring an overhead in
maintenance and cost.
Overview of Isolated Storage
Isolated Storage allocates compartments for storing information related
to the application like application state, temporary data, etc. with/without
user-specific data. These compartments represent the Isolated Storage
and contain the actual location of directories/files in which this data
is maintained. These files can reside on a client or server based on the
requirement.
The framework lets the system Administrator control
the size of the Isolated Storage files based on the access level
of the user who has been granted rights. When an application
uses Isolated Storage through code, the executing code has to possess
the required access for operating on the Isolated Storage files. By
default, the managed code executed by a .NET application has all access
rights to work with the Isolated Storage files.
This can be denied when access rights are impersonation based. If
so, care should be taken to ensure that the impersonated user executing
the application using Isolated Storage files has proper operating system
rights. Isolated Storage also supports storing information along with the user's
roaming profile on the server, which makes the information always available
to a roaming user.
Working with Isolated Storage
The .NET Framework implements Isolated Storage as a
set of classes in the System.IO.IsolatedStorage
namespace. The following steps are involved in using
Isolated Storage in an application.
Creating a File store
Before creating a file store, it is necessary to plan the scope of
the data in the store. The scope can be restricted either to the
assembly calling the method and the specific machine executing the
application, or to the calling assembly and the current user. The former
scope is used for application-specific data, while user-specific
data is stored with the latter. The IsolatedStorageFile class
is used to access safe areas to store data for assemblies and users.
Writing and reading data
Before using Isolated Storage, the assembly has to ensure that it has
sufficient permissions, which it does by demanding them. The IsolatedStorageFilePermission
class is used for this. The two important properties of this class that have to
be set for permissions are as below:
UsageAllowed - Gets or sets the types of usage allowed
UserQuota - Gets or sets the overall size of storage allowed per user
By specifying these values, the way the code intends to use Isolated Storage
is specified to the security system.
The IsolatedStorageFileStream class is used to read and write data in
the safe file stores. Since this class is derived from the FileStream class,
its usage is similar to that of FileStream. An object of this class
is created by passing the relative path of the file, the mode for
opening the file (create, read or write) and the file store object that
will contain it. Hence, at the instant this object is created, the
file is created or opened for reading / writing.
To read the data, the file has to be opened in Read mode, which will
fetch the file contents. Before opening the file for reading, its
existence has to be checked by calling the GetFileNames() method of the
IsolatedStorageFile class with the filename as parameter.
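The steps above, put together as an added example (not code from the original article). It assumes the .NET Framework, where the permission can be demanded, and uses a hypothetical file name and an assumed quota value.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Permissions;

static class IsolatedStoreDemo
{
    const string FileName = "settings.txt";   // hypothetical file name

    // Tell the security system how the code intends to use Isolated Storage.
    static void DemandAccess()
    {
        var perm = new IsolatedStorageFilePermission(PermissionState.None);
        perm.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
        perm.UserQuota = 64 * 1024;            // assumed quota, in bytes
        perm.Demand();                         // SecurityException if not granted
    }

    // Scope: current user + calling assembly. For machine + assembly scope,
    // call IsolatedStorageFile.GetMachineStoreForAssembly() instead.
    static IsolatedStorageFile OpenStore()
    {
        return IsolatedStorageFile.GetUserStoreForAssembly();
    }

    static void Save(string text)
    {
        using (IsolatedStorageFile store = OpenStore())
        using (var stream = new IsolatedStorageFileStream(
                   FileName, FileMode.Create, FileAccess.Write, store))
        using (var writer = new StreamWriter(stream))
            writer.Write(text);                // the path is relative to the store
    }

    static string Load()
    {
        using (IsolatedStorageFile store = OpenStore())
        {
            // GetFileNames takes a search pattern; no match means no file yet.
            if (store.GetFileNames(FileName).Length == 0) return null;
            using (var stream = new IsolatedStorageFileStream(
                       FileName, FileMode.Open, FileAccess.Read, store))
            using (var reader = new StreamReader(stream))
                return reader.ReadToEnd();
        }
    }

    static void Main() { DemandAccess(); Save("theme=dark"); Console.WriteLine(Load() ?? "(no data)"); }
}
```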
Best practices while using Isolated Storage
Some typical uses of Isolated Storage are listed below:
o When restricted access needs to be given to components that need
to be shared amongst applications
o At the server side, when user-specific data has to be maintained
for different users who request the server application, data is isolated
based on the identity that is used for impersonation by the server while
making the request.
o Web applications which need to execute file handling operations for
storing/retrieving application-specific data can use Isolated Storage
instead of File I/O classes, which do not allow them to do so.
Since the data stored through Isolated Storage is accessible to
unmanaged code and any trusted user of the system, it is advisable to
avoid storing sensitive information like unencrypted passwords, user credentials,
configuration and deployment details, etc.
It is also suggested not to store code or complex data unless
it is really necessary.
Although application-specific data can be stored in Isolated Storage
in the form of a database, it becomes an overhead if the data slowly becomes
voluminous, especially as the number of users grows. Hence, it
has to be carefully decided.
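Where a secret has to be kept in Isolated Storage despite the advice above about unencrypted passwords, one option is to encrypt it first. This added example (not from the original article) assumes Windows, a reference to System.Security.dll for ProtectedData (DPAPI), and a hypothetical file name and entropy value; code running as the same user can still unprotect the data.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

static class ProtectedIsolatedSecret
{
    const string FileName = "token.bin";      // hypothetical file name
    // Constructed, application-specific entropy mixed into the DPAPI key.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    static void Save(string secret)
    {
        // Encrypt under the current user's DPAPI key before anything hits disk.
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(secret), Entropy, DataProtectionScope.CurrentUser);
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        using (var stream = new IsolatedStorageFileStream(
                   FileName, FileMode.Create, FileAccess.Write, store))
            stream.Write(blob, 0, blob.Length);
    }

    static string Load()
    {
        using (var store = IsolatedStorageFile.GetUserStoreForAssembly())
        {
            if (store.GetFileNames(FileName).Length == 0) return null;
            using (var stream = new IsolatedStorageFileStream(
                       FileName, FileMode.Open, FileAccess.Read, store))
            using (var buffer = new MemoryStream())
            {
                stream.CopyTo(buffer);
                try
                {
                    byte[] plain = ProtectedData.Unprotect(
                        buffer.ToArray(), Entropy, DataProtectionScope.CurrentUser);
                    return Encoding.UTF8.GetString(plain);
                }
                catch (CryptographicException)
                {
                    return null;   // blob was modified or belongs to another user
                }
            }
        }
    }

    static void Main() { Save("s3cr3t-sample"); Console.WriteLine(Load() ?? "(unreadable)"); }
}
```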