Securing Isolated Storage
To control access to isolated storage, the common language runtime uses IsolatedStorageFilePermission objects. Each IsolatedStorageFilePermission object has properties that specify the following values:
Allowed usage, which indicates the type of access that is allowed. The values are members of the IsolatedStorageContainment enumeration. For more information about these values, see the table in Allowed Usage and Security Risks.
The runtime demands this permission when code first attempts to open a store. It decides whether to grant IsolatedStorageFilePermission, based on how much the code is trusted. If the permission is granted, the allowed usage and storage quota values are determined by security policy and by the code's request for IsolatedStorageFilePermission. Security policy is set using .NET Framework Configuration Tool (Mscorcfg.msc). All callers in the call stack are checked to ensure that each caller has at least the appropriate allowed usage. The runtime also checks the quota imposed on the code that opened or created the store in which the file is to be saved. If these conditions are satisfied, permission is granted. The quota is checked again every time a file is written to the store.
Application code is not required to request permission because the common language runtime will grant whatever IsolatedStorageFilePermission is appropriate based on security policy. However, there are good reasons to request specific permissions that your application needs, including the IsolatedStorageFilePermission. For more information, see Requesting Permissions.