Independent storage
Separate storage is a data storage mechanism that defines standardized associations between code and saved data to provide isolation and security. At the same time, standardization also provides other benefits. Administrators can use tools designed to operate independent storage to configure file storage, set security policies, and delete unused data. By independent storage, the code no longer needs to use the unique path to specify the security location in the file system, while protecting the data from other applications with independent storage access rights. No longer need to indicate the "hardcod" information of the storage area location of the application. By using independent storage, partial applications can be stored in a manner that is controlled by computer security policies. This is especially useful for web applications and download components that users need to run with caution. The security policy is rarely granted to this code to access the file system using the standard I / O mechanism, but by default, the code operated in the local computer, the local network, or the Internet is granted using independent storage.
Independent storage introduction
When the application stores data in the file, you must carefully select the file name and storage location, minimize the possibility of other applications know that the storage location is not easily damaged. If there is no standard system to handle these issues, it is not easy to develop special techniques that minimize storage conflicts may not be easy, and the technology developed is not reliable.
By using independent storage, data will always be isolated by users and assemblies. The source or strong name of the assembly determines the identity of the assembly. By using similar credentials, the data can also be isolated by the application domain.
When using independent storage, the application saves the data to a unique data cabin associated with certain aspects (such as web sites, issuers, or signatures). The data chamber is an abstract storage location, not a specific storage location, which consists of one or more independent storage files (called store), which contains the actual directory location of the stored data. For example, a web application may have a data cabin associated with it, a directory in a file system will implement a storage area that actually retains application data. The data saved in the storage area can be any type of data, whether the user's preference information or the application status can be. For developers, the location of the data cabin is transparent; the storage area typically resides in the client, but the server application can use the independent storage area to store information by simulating the users you serve. Separate storage can also save information and user roaming profiles on the server so that roaming users can use this information at any time.
Administrators can limit applications or users to how many independent storage based on appropriate trust levels. In addition, administrators can remove all of the user's persistent data. To create or access stand-alone storage, you must grant the appropriate ISOLATORAGEPERMISSION.
To access independent storage, the code must have the necessary local platform operating system permissions. For example, the Access Control List (ACL) must be met on Windows 2000, which users have permissions using the file system. The Microsoft .NET Framework application has an operating system permission to access independently store unless (platform-specific) simulation is performed. In this case, the application is responsible for ensuring an appropriate operating system authority that is simulated with an appropriate operating system access to stand-alone storage. For code running or from a web download, this access provides a simplicity of reading and writing a storage area associated with a particular user.
Sometimes, using the file system of the operating system to verify that the changes that are made by the independent storage are very helpful. Developers may also need to know the location of independent storage files. This position is different from the operating system. The following table shows the root location that creates a standalone store on several common operating systems. Look for the Microsoft / IsolatedStorage directory in this root. You must change the folder setting to display the hidden files and folders to check the independent storage in the file system.
operating system
Location in the file system
Windows 98, ME - User Profiles are not enabled
Enable roaming storage =
Non-roaming storage area = Windows / Local Settings / Application Data
Windows 98, ME - User Profile Enabled
Enable roaming storage =
Non-roaming storage area = Windows / Local Settings / Application Data
Windows NT 4.0
Windows NT 4.0 - Service Pack 4
Enable roaming storage =
Non-roaming storage area =
Windows 2000 - Upgrade from NT 4.0
Enable roaming storage =
Non-roaming storage area =
Windows 2000 - New installation (and upgrade from Windows 98 and NT 3.51)
Enable roaming storage =
Non-roaming storage area =
Independent storage
Independent storage can be used in many cases. The following introductions have been introduced in the following:
Download control. The managed code control downloaded from the Internet is not allowed to write the hard drive through the normal I / O class, but they can use independent storage to hold user settings and application status.
Long-lasting web application storage. Web applications are also banned from using I / O class. These programs can use independent storage for the same purpose as the download component.
Share component storage. Components in applications can use independent storage to provide controlled access to the data storage area.
Server storage. Server applications can provide a separate storage area using a large number of users who stand independently stored as requiring applications. Since the stand-alone store is always isolated by the user, the server must simulate a request for the request. In this case, according to the identity of the user, the identity is used to distinguish the identity of its user as the same identifier.
roaming. Applications can also use independent storage and roaming user profiles. This allows the user to roam together with the profile.
Although the independent storage is well suited for the above, in a small number of cases, you should use independent storage:
Separate storage should not be used to store important secrets (such as non-encrypted keys or passwords) because of the highly trusted code, unmanaged code, or computer's assignment user.
Independent storage should not be used to store code.
Separate storage should not be used to store configuration and deployment settings, which are controlled by administrators. (Because the administrator does not control the user's preference, the user preferences are not considered to be a configuration settings.)
Many of today's applications use databases to store and isolate data, in which case one or more rows in the database may represent a particular user's storage. When the number of users is small, when the system overhead using the database is very large or when there is no database function, you can choose to use independent storage without using the database. In addition, when the application requires a more flexible and complex storage than the storage provided by the database, the independent storage can also provide a viable alternative. Isolated type
Access to individual storage is always limited to creating the stored user. To achieve this type of isolation, the user ID of the public language runtime use is the same as the operating system identification, the user ID annotation is an identifier associated with the process that is running in the time of the memory area. Although this logo is a user ID that has verified identity, the simulation can cause the current user's identity to dynamically change.
In addition to user isolation, access to independent storage is limited depending on the domain and assembly of the application (or only related to the assembly). These identifiers are obtained in several ways to run out:
The domain identifier representing the evidence of the application, in the case of the Web application, the domain identifier may be a complete URL. For code hosting the housing, the domain identifier may be based on the application directory path. For example, if the executable is running in the path C: /Office/myApp.exe, the domain identifier may be C: /office/myapp.exe.
The assembly identifier is evidence of the assembly. The assembly identifier may come from the encrypted digital signature, which can be the strong name of the assembly, the issuer of the assembly or its URL ID. If the assembly has a strong name and the issuer ID, use the issuer ID. Use the URL ID if the assembly is from the Internet and not signature.
The roaming storage area and the user with a roaming user profile move together. The file is written to the network directory and downloaded to any computer logged in. For more information on roaming user profiles, see IsolatedStorageScope.roaming.
Combine the concepts of users, domain, and assembly identities, independent storage can isolate data as in the following ways, each way has its own usage:
Isolate by user and assembly.
Isolate by user, domain, and program.
Each of these two isolation can be combined with roaming user profiles.
The following illustration illustrates how to isolate the storage area in different ranges.
Independent storage type
Note that in addition to the roaming storage area, the independent storage is always implicitly isolated, because stand-alone stores the storage capabilities of a given computer.
Isolation by user and assembly
When you need to access the data stores used from any application domain to access the data stores, it is appropriate to isolate by user and assembly. Typically, in this case, it is independently stored data for storing data across multiple applications (such as the user's name or permission information), which does not depend on any particular application. To access the storage by users and program sets, the code must be trusted to transfer information between the application. Typically, it is allowed to be isolated on intranet, but not allowed to be used on the Internet. Call the static getStore method for ISOLATEDSTORAGEFile and incur a user and assembly ISOLALATEDSTORAGESCOPE will return to have such isolation.
The following code example retrieves the storage area that is isolated by the user and the program. The storage area can be accessed via the ISOFILE object.
[C #]
IsolatedStorageFile isofile = isolatedStorageFile.getStore (isolatedStorageScope.user | IsolatedStorageScope.assembly, null, null);
Another method can be used as a shortcut, as shown in the following code example. This shortcut cannot be used to open the roaming storage area, in which case use GetStore.
[C #]
IsolatedStorageFile isofile = isolatedStorageFile.getuserstoreForassembly ();
Isolation by user, domain, and program
If the application uses a third-party assembly that requires a private data store, isolation storage can be used to store private data. Press User, Domain, and Program Set to ensure that only the application is only used when the app is run using the assembly when running in the assembly to create a storage area, and only the application is concentrated only when the application is run for the user to create a storage area. The code can access the data. Press User, Domain, and Program Sets to make a third-party assembly to disclose data to other applications. This isolation type should be your default selection if you know that you want to use quarantine storage but is not sure which type of isolation is to be used. Call the static getStore method for IsolatedStorageFile and incur a user, domain, and assemblies ISOLATEDSTORAGESCOPE will return to have such isolation.
The following code example retrieves the storage area that is isolated by the user, domain, and program. The storage area can be accessed via the ISOFILE object.
[C #]
IsolatedStorageFile isofile = isolatedStorageFile.getStore (isolatedStorageScope.user | isolatedStorageScope.Domain | IsolatedStorageScope.assembly, null, null;
Another method can be used as a shortcut, as shown in the following code example. This shortcut cannot be used to open the roaming storage area, in which case use GetStore.
[C #]
IsolatedStorageFile isofile = isolatedStorageFile.getuserstoreFordOMain ();
Independent storage and roaming
Roaming User Profiles are a feature of Microsoft Windows (which features the Windows NT, Windows 2000, and some updated Windows 98 systems), which allow users to set identifiers on the network and use this identity to log in to any network Computers, all personal settings do not change on different computers. Using a separately stored assembly can specify the user's independent storage and roaming user profiles together. Roaming can be used with users and assessments or by user, domain, and program set isolation. If the roaming range is not used, the storage area does not roam even if the roaming user profile is used.
The following code example retrieves the roaming storage area that is isolated by the user and the program. The storage area can be accessed via the ISOFILE object.
[C #]
IsolatedStorageFile isofile = isolatedStorageFile.getStore (isolatedStorageScope.user | IsolatedStorageScope.assembly | isolatedStorageScope.roaming, null, null;
You can add a domain range to create a roaming storage area isolated by user, domain, and application. The following code example has been demonstrated.
[C #]
IsolatedStorageFile isofile = isolatedStorageFile.getStore (isolatedStorageScope.user |
IsolatedStorageScope.assembly |
IsolatedStorageScope.domain |
IsolatedStorageScope.roaming, null, null;
Independent storage quota
The quota is a limit to the number of independent storage available. Quotas include bytes of file space and system overhead associated with directory and other information in the storage area. Separately store usage ration quotas, which is a storage restriction using the ISOLATEDSTORAGEPERMISSION object. If you try to write data beyond the quota, IsolatedStorageException is triggered. The security policy determines the permissions granted to the code, which can be modified using the .NET Framework Configuration Tool (MSCORCFG.MSC). The code restrictions that are granted ISOLATEDSTORAGEPERMISSION are not allowed to use the storage range of the stored in the UserQuota property. However, since the code can bypass the permissions quota by means of different user IDs, the privilege quota is used as a guide to how to work, not the hard limits of the code behavior. No quotas are enforced to the roaming storage area. Therefore, a slightly higher level of privilege is required to use their code. AssemblyissionByroaminguser and DomainiSolaionByroaminguser are two specified enumerations that use roaming users independently stored privileges.
Protection independent storage
To control access to independent storage, the public language runtime uses the ISOLATEDSTORAGEPERMISSION object. Each ISOLATEDSTORAGEPERMISSION object has an attribute that specifies the following values:
Allowed usage, which points out the allowed access type. This value is a member of the ISOLATedStorageContainment enumeration.
Stored quota.
When the code is attempted to open the storage area for the first time, the runtime requires this permission. It decides whether to grant IsolatedStorageFilePermission based on the credibility of the code. If this permission is granted, the allowable usage and storage quota values are determined by security policies and code to the request for IsolatedStorageFilePermission. The security policy uses the .NET Framework Configuration Tool (MSCORCFG.MSC). Check all the calls in the stack to ensure that each caller has at least an appropriate allowable usage. The run library also checks the quota for the code, which opens or creates a storage area that will be saved in it. If these conditions are met, the permissions are granted. The quota will be checked again when writing to the store.
Since the public language runtime will grant any appropriate ISOLATORAGEFILEPERMISSION according to the security policy, the request permission does not require application code. However, there is a good reason to request specific permissions needed by the application, including IsolatedStorageFilePermission.
Allowed usage and security risks
IsolatedStorageFilePermission Specifies the license to determine the level of allowing code to create and use independent storage. The following table shows how the allowable usage specified in the permission corresponds to the type of isolation and summarizes the security risks associated with each allowed usage.
Allowed usage
Isolation type
Security impact
None
Any independent storage is not allowed.
There is no security impact.
DomainiSolationByuser
Isolate by user, domain, and program. Each assembly has a separate sub-store in the domain. The storage area using this permission is also implicitly isolated.
This level cannot prevent others from unauthorized abuse of resources, although the mandatory quota adds some difficulties to this practice. This is called a refusal service attack.
DomainiSolationByroaminguser
The same as the previous one, but if the roaming user profile is enabled, the storage area saves the roaming position.
Because quotas must be disabled, storage resources are more vulnerable to denial of service attacks.
AskEMBLYISOLATIONBYUSER
Isolate by user and assembly. The storage area using this permission is also implicitly isolated.
The quota is enforced this level to help prevent denial of service attacks. Since the same assembly in another domain can access the storage area, this makes information possible to disclose between applications.
AssemblyiSolationByroaminguser
The same as the previous one, but if the roaming user profile is enabled, the storage area saves the roaming position. As with the previous one, but there is no quota, increasing the risk of denial of service attacks.
AdministeriSolatedStorageByuser
Isolated by user. Typically, only this level of permissions are only managed or debug tools.
Use this permission to access the allowable code to view or delete any user independently store files or directories (regardless of whether the assembly is isolated). The risk includes (but is not limited to) leak information and data loss.
UnrestrictedSolatedStorage
Press all users, domain, and program sets. Typically, only this level of permissions are only managed or debug tools.
This privilege may happen the entire independent storage area throughout the user.
Execute independent storage tasks
It provides three main classes to help you perform tasks involving independent storage:
IsolatedStorage-derived ISOLATEDSTORAGEFILE provides basic management of the stored assembly and application files. An instance of the ISOLATEDSTORAGEFILE class represents a single storage area in the file system.
IsolatedStorageFileStream derived from System.IO.FileStream provides access to files in the storage area.
IsolatedStorageScope is an enumeration that allows you to create and select a storage area with an appropriate isolation type.
Separate storage classes allow you to create, enumerate and remove independent storage. Methods that perform these tasks can be used through the ISOLATEDSTORAGEFILE object. Some operations require you ISOLATEDSTORGEFILEPERMIRISSION (which represents managed independent storage); you may also need to have operating system permissions for access files or directories. On Microsoft Windows NT and Microsoft Windows 2000, the Access Control List (ACL) setting on the file prevents you from accessing separate storage. Separatem.exe can also be used in simple storage area management, such as listing or deleting all stores of the current user.
