Unlike the foregoing sections, which cover normal usage of the isolated storage feature by typical applications, this section describes the APIs typically used by tools that enable users and administrators to manage isolated storage.
Management functions are separated into two levels: the first is intended to enable normal management of isolated storage data, the second is completely unrestricted access to any data in isolated storage. By normal management we mean common operations that cover a broad set of data across domains and assemblies:
Special APIs allow a program to enumerate all stores within isolated storage, for the current user, for the machine, or even for all users on the machine. From the enumeration of the stores, expiration dates and so forth can be accessed or changed. Use of stores via these APIs does not constitute “use” for purposes of expiration.
The following APIs provide these functions:
IEnumerator IsolatedStorageFile.GetEnumerator(IsolatedStorageScope);
The above APIs respectively require the following permissions (or greater): AdministerIsolatedStorageByUser, UnrestrictedIsolatedStorage. Access to other users' isolated storage may be blocked by native operating system security independent of the security mechanisms described here (just as, even with FilePermission, some files may not be accessed due to ACL settings).
When enumerating stores across all users, an API is required to tell which user a given store is associated with. Code that has UnrestrictedIsolatedStorage permission may use the IsolatedStorage.User property to get a string that represents the user.
Trusted code can use these APIs to look through the stores of many domains by enumeration, or use the API in 4.5.3 below to access specific stores directly.
It is important that opening stores within an enumeration be a fast operation – specifically, it should involve minimal I/O to open successive stores. (In the unrestricted case, enumeration across different users will involve different files; this comment is meant to apply to enumeration of files within a single user scope.)
(Note: contrary to intro above, this may be used by apps in some cases)
The following API deletes an entire store (including deletion of all contents):
static IsolatedStorageFile.Remove(IsolatedStorageScope)
The parameter specifies whether it is important to delete all the data immediately (true), or if the storage can simply be freed up for later reclamation (false). (If the intent is to remove the data from the system then the former is appropriate; if merely to make space then the latter is most efficient.)
There is no permission required for this operation – permission checks when the store is opened protect the store. (Without this operation, any code accessing the store would be able to delete all data inside it anyway.)
The last API to enable complete use of isolated storage by highly trusted code is the creation of new stores based on evidence. Use of this API requires both IsolatedStoragePermission.UnrestrictedIsolatedStorage and SecurityPermission.ControlEvidence permission.
This API enables a tool to be written to migrate isolated storage from machine to machine. Stage one enumerates all stores and copies their state and contents; stage two reads that information on another machine, creates corresponding stores and populates them with data.
class IsolatedStorageFile {
    static IsolatedStorageFile GetStore(
        IsolatedStorageScope,
        Object DomainIdentity,
        Object AssemblyIdentity);
}
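An added example, not part of the original specification: stage one of the migration tool described above, reduced to an inventory pass that enumerates the current user's stores and lists each store's identity and files. It assumes the IsolatedStorageFile API as shipped in the .NET Framework and a fully trusted caller; the names StoreInventory, Has and Walk are hypothetical.

```csharp
using System;
using System.Collections;
using System.IO;
using System.IO.IsolatedStorage;

// Added example: inventory pass for an administrative tool (read-only).
// Assumes the shipped .NET Framework API and a fully trusted caller.
static class StoreInventory
{
    static void Main()
    {
        // Enumerate every store that belongs to the current user.
        IEnumerator stores = IsolatedStorageFile.GetEnumerator(IsolatedStorageScope.User);
        while (stores.MoveNext())
        {
            using (var store = (IsolatedStorageFile)stores.Current)
            {
                // The identity properties throw when the store is not isolated
                // by that kind of identity, so check the scope flags first.
                object asm = Has(store, IsolatedStorageScope.Assembly) ? store.AssemblyIdentity : "(none)";
                object dom = Has(store, IsolatedStorageScope.Domain) ? store.DomainIdentity : "(none)";
                Console.WriteLine("Scope: {0}\nAssembly: {1}\nDomain: {2}", store.Scope, asm, dom);
                Console.WriteLine("Total: {0} bytes\n", Walk(store, ""));
            }
        }
    }

    static bool Has(IsolatedStorageFile store, IsolatedStorageScope flag)
    {
        return (store.Scope & flag) != 0;
    }

    // Recursively list the files under 'dir' and return their combined length.
    static long Walk(IsolatedStorageFile store, string dir)
    {
        long total = 0;
        foreach (string name in store.GetFileNames(Path.Combine(dir, "*")))
        {
            string path = Path.Combine(dir, name);
            using (var s = new IsolatedStorageFileStream(
                path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite, store))
            {
                Console.WriteLine("  {0,10}  {1}", s.Length, path);
                total += s.Length;
            }
        }
        foreach (string sub in store.GetDirectoryNames(Path.Combine(dir, "*")))
            total += Walk(store, Path.Combine(dir, sub));
        return total;
    }
}
```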