MSDN Magazine - March 2009 - (Page 15) JUSTIN VAN PATTEN CLR INSIDE OUT Isolated Storage In Silverlight 2 In the August MSDN Magazine CLR Inside Out column, Andrew Pardoe gave a brief overview of isolated storage in Silverlight (msdn.microsoft.com/ magazine/cc721609). In this column, I’ll provide more details on isolated storage in Silverlight along with some best practices for using it in your own apps. Before diving into isolated storage, let me first explain what I/O functionality is available in Silverlight. Silverlight applications are partial-trust applications that run in a sandboxed environment inside a Web browser. As such, arbitrary access to the file system is not permitted. And for good reason—you wouldn’t want random, potentially malicious Silverlight applications you come across while browsing the Web to be accessing your personal files or wreaking havoc with your system. But there are valid scenarios where it is useful to allow Silverlight applications some amount of limited access to the file system, whether it’s for reading files (with the end user’s consent) or storing data locally on the client. Both scenarios are supported in Silverlight in a limited and safe way: the former is enabled with the OpenFileDialog and the latter with isolated storage. Like cookies, isolated storage provides the ability to store data on the client between application invocations. But unlike cookies, isolated storage is a full-fledged virtual file system, providing applications with the ability to create, read, write, delete, and enumerate files and directories inside the virtual file system. Isolated storage can be used in the same way as cookies, to maintain state and simple application settings, but it can also be used to save large amounts of data locally on the client. Isolated storage isn’t new to Silverlight; it has been part of the .NET Framework since v.. Today Silverlight ships with a simplified subset of the .NET Framework’s isolated storage APIs, but it also includes new APIs that provide additional functionality along with some new concepts. Isolated storage lets you store data on the client, but unlike cookies, it’s a virtual file system. a malicious application from being able to access arbitrary files and directories on the disk—such as ..\..\..\..\Windows\System—where it could cause damage or access sensitive information. Silverlight applications have access to two different stores: a user + application store (or application store) that is isolated by user identity and application identity and a user + site store (or site store) that is isolated by user identity and site identity. Isolating stores based on the identity of the user, application, and site means that an application can only access the stores to which it is permitted access; it cannot access the stores of other applications. The user identity that Silverlight employs is the same user identity of the underlying operating system. Silverlight isolates per user by storing all isolated storage data in the current user’s local application data directory. Figure 1 has more details on where isolated storage is located for each operating system. The application store is a unique store per application. A Silverlight application can only access its application store; it cannot access any other application’s application store. The application store is based on the identity of the user and the identity of the application. The identity of a Silverlight application is the full URL to the Silverlight application’s XAP file. For example, http://microsoft. com/app.xap is the application identity of a Silverlight application hosted at http://microsoft.com/app.xap. The application identity is case insensitive, so both http://MICROSOFT.COM/app.XAP and http://microsoft.com/app.xap have the same identity. The application store isn’t new to Silverlight; it has existed in the .NET Framework since v.. The following code shows how to create a file in the application’s application store: try { using (var store = IsolatedStorageFile.GetUserStoreForApplication()) using (var stream = store.CreateFile("hello.txt")) using (var writer = new StreamWriter(stream)) { writer.Write("Hello World"); } } catch (IsolatedStorageException) { // Isolated storage not enabled or an error occurred } Isolation As you may expect, one of the key facets of isolated storage is isolation. Isolated storage is composed of many different unique stores, each of which can be thought of as its own virtual file system. Paths cannot escape the bounds of the virtual file system, which effectively isolates the store from the rest of the file system. This prevents Send your questions and comments to clrinout@microsoft.com. March 2009 15 http://msdn.microsoft.com/magazine/cc721609 http://msdn.microsoft.com/magazine/cc721609 http://microsoft.com/app.xap http://microsoft.com/app.xap http://microsoft.com/app.xap http://microsoft.com/app.xap http://microsoft.com/app.xap
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.