独立存储Isolated Storage

对于桌面应用,独立存储是一种数据存储机制,它在代码与保存的数据之间定义了标准化的关联方式,从而提供隔离性和安全性。For desktop apps, isolated storage is a data storage mechanism that provides isolation and safety by defining standardized ways of associating code with saved data. 同时,标准化也提供了其他好处。Standardization provides other benefits as well. 管理员可以使用旨在操作独立存储的工具来配置文件存储空间、设置安全策略及删除未使用的数据。Administrators can use tools designed to manipulate isolated storage to configure file storage space, set security policies, and delete unused data. 通过独立存储,代码不再需要使用唯一的路径来指定文件系统中的安全位置,同时可以保护数据免遭只具有独立存储访问权限的其他应用程序的损坏。With isolated storage, your code no longer needs unique paths to specify safe locations in the file system, and data is protected from other applications that only have isolated storage access. 不再需要指示应用程序的存储区域位置的硬编码信息。Hard-coded information that indicates where an application's storage area is located is unnecessary.

重要

独立存储不适用于 Windows 8.x 应用商店应用。Isolated storage is not available for Windows 8.x Store apps. 请改用 Windows 运行时 API 包含的 Windows.Storage 命名空间中的应用程序数据类来存储本地数据和文件。Instead, use the application data classes in the Windows.Storage namespaces included in the Windows Runtime API to store local data and files. 有关详细信息,请参阅 Windows 开发人员中心的 应用程序数据For more information, see Application data in the Windows Dev Center.

本主题包含以下各节:This topic contains the following sections:

数据隔离舱和存储区Data Compartments and Stores

当应用程序在文件中存储数据时,必须仔细选择文件名和存储位置,最大程度地减小其他应用程序知道该存储位置的可能性,从而使数据不易受到损坏。When an application stores data in a file, the file name and storage location must be carefully chosen to minimize the possibility that the storage location will be known to another application and, therefore, will be vulnerable to corruption. 如果没有标准系统来管理这些问题,想开发出最大程度地减少存储冲突的特别技术可能并非易事,而且开发出来的技术也不见得可靠。Without a standard system in place to manage these problems, developing ad hoc techniques that minimize storage conflicts can be complex, and the results can be unreliable.

通过使用独立存储,数据将始终按用户和程序集进行隔离。With isolated storage, data is always isolated by user and by assembly. 程序集的源或强名称等凭据确定程序集的身份。Credentials such as the origin or the strong name of the assembly determine assembly identity. 通过使用类似的凭据,数据还可以按应用程序域进行隔离。Data can also be isolated by application domain, using similar credentials.

当使用独立存储时,应用程序将数据保存到与代码标识的某些方面(例如,其发行者或签名)关联的独特数据隔离舱。When you use isolated storage, your application saves data to a unique data compartment that is associated with some aspect of the code's identity, such as its publisher or signature. 数据隔离舱是一个抽象的存储位置,而不是具体的存储位置,它由一个或多个独立的存储文件(叫做存储区)组成,这些独立的存储文件包含存储数据的实际目录位置。The data compartment is an abstraction, not a specific storage location; it consists of one or more isolated storage files, called stores, which contain the actual directory locations where data is stored. 例如,应用程序可能有一个与其关联的数据隔离舱,文件系统中的某个目录将实现实际保留应用程序数据的存储区。For example, an application might have a data compartment associated with it, and a directory in the file system would implement the store that actually preserves the data for that application. 保存在存储区中的数据可以是任意类型的数据,无论是用户首选项信息还是应用程序状态都可以。The data saved in the store can be any kind of data, from user preference information to application state. 对于开发人员来说,数据隔离舱的位置是透明的。For the developer, the location of the data compartment is transparent. 应用商店通常位于客户端,但是,服务器应用程序可以使用独立存储通过模拟该服务的用户存储信息。Stores usually reside on the client, but a server application could use isolated stores to store information by impersonating the user on whose behalf it is functioning. 独立存储还可以将信息和用户漫游配置文件一起存储在服务器上,这样,漫游用户就可以随时使用该信息。Isolated storage can also store information on a server with a user's roaming profile so that the information will travel with the roaming user.

独立存储的配额Quotas for Isolated Storage

配额是对可使用的独立存储数量的限制。A quota is a limit on the amount of isolated storage that can be used. 配额包括文件空间的字节及与存储区中目录和其他信息关联的系统开销。The quota includes bytes of file space as well as the overhead associated with the directory and other information in the store. 独立存储使用权限配额,这些配额是使用 IsolatedStoragePermission 对象设置的存储限制。Isolated storage uses permission quotas, which are storage limits that are set by using IsolatedStoragePermission objects. 如果尝试写入的数据超出配额,则会引发 IsolatedStorageException 异常。If you try to write data that exceeds the quota, an IsolatedStorageException exception is thrown. 安全策略确定向代码授予的权限,它可以使用 .NET Framework 配置工具 (Mscorcfg.msc) 来修改。Security policy, which can be modified using the .NET Framework Configuration Tool (Mscorcfg.msc), determines which permissions are granted to code. 已授予 IsolatedStoragePermission 的代码所使用的存储范围不能超过 UserQuota 属性的限制。Code that has been granted IsolatedStoragePermission is restricted to using no more storage than the UserQuota property allows. 但是,由于代码可以通过表示不同的用户标识绕过权限配额,所以权限配额用作指导代码如何工作的指南,而不是对代码行为的硬性限制。However, because code can bypass permission quotas by presenting different user identities, permission quotas serve as guidelines for how code should behave rather than as a firm limit on code behavior.

不对漫游存储区强制执行配额。Quotas are not enforced on roaming stores. 因此,对使用它们的代码要求稍高级别的权限。Because of this, a slightly higher level of permission is required for code to use them. 枚举值 AssemblyIsolationByRoamingUserDomainIsolationByRoamingUser 为漫游用户指定使用独立存储的权限。The enumeration values AssemblyIsolationByRoamingUser and DomainIsolationByRoamingUser specify a permission to use isolated storage for a roaming user.

安全访问Secure Access

通过使用独立存储,可以使部分受信任的应用程序以由计算机安全策略控制的方式存储数据。Using isolated storage enables partially trusted applications to store data in a manner that is controlled by the computer's security policy. 对于用户需慎重运行的下载的组件来说,这尤为有用。This is especially useful for downloaded components that a user might want to run cautiously. 在使用标准 I/O 机制访问文件系统时,安全策略很少向这种代码授予权限。Security policy rarely grants this kind of code permission when you access the file system by using standard I/O mechanisms. 但是默认情况下,会对在本地计算机、本地网络或 Internet 中运行的代码授予使用独立存储的权限。However, by default, code running from the local computer, a local network, or the Internet is granted the right to use isolated storage.

管理员可以根据适当的信任级别限制应用程序或用户可以使用多少独立存储。Administrators can limit how much isolated storage an application or a user has available, based on an appropriate trust level. 另外,管理员可以完全移除用户的持久性数据。In addition, administrators can remove a user's persisted data completely. 若要创建或访问独立存储,则必须授予代码相应的 IsolatedStorageFilePermission 权限。To create or access isolated storage, code must be granted the appropriate IsolatedStorageFilePermission permission.

要访问独立存储,代码必须具有所有必要的本机平台操作系统权限。To access isolated storage, code must have all necessary native platform operating system rights. 必须满足用来控制哪些用户有权使用文件系统的访问控制列表 (ACL)。The access control lists (ACLs) that control which users have the rights to use the file system must be satisfied. 除非执行(特定于平台的)模拟,否则 .NET Framework 应用程序已经具有访问独立存储的操作系统权限。.NET Framework applications already have operating system rights to access isolated storage unless they perform (platform-specific) impersonation. 在这种情况下,应用程序负责确保被模拟的用户标识具有访问独立存储的适当操作系统权限。In this case, the application is responsible for ensuring that the impersonated user identity has the proper operating system rights to access isolated storage. 对于在 Web 上运行或从 Web 下载的代码而言,这种访问为之提供了一种对与特定用户相关的存储区域进行读写操作的简便方法。This access provides a convenient way for code that is run or downloaded from the web to read and write to a storage area related to a particular user.

为了控制对独立存储的访问,公共语言运行时使用 IsolatedStorageFilePermission 对象。To control access to isolated storage, the common language runtime uses IsolatedStorageFilePermission objects. 每个对象都具有指定以下值的属性:Each object has properties that specify the following values:

  • 允许的用法,这指出了所允许的访问类型。Allowed usage, which indicates the type of access that is allowed. 这些值是 IsolatedStorageContainment 枚举的成员。The values are members of the IsolatedStorageContainment enumeration. 有关这些值的更多信息,请参见下一节中的表。For more information about these values, see the table in the next section.

  • 存储配额(如上一节所述)。Storage quota, as discussed in the preceding section.

当代码第一次尝试打开存储时,运行时要求 IsolatedStorageFilePermission 权限。The runtime demands IsolatedStorageFilePermission permission when code first attempts to open a store. 它根据代码的受信任程度决定是否授予此权限。It decides whether to grant this permission, based on how much the code is trusted. 如果授予此权限,则允许的用法和存储配额值由安全策略和代码对 IsolatedStorageFilePermission的请求决定。If the permission is granted, the allowed usage and storage quota values are determined by security policy and by the code's request for IsolatedStorageFilePermission. 安全策略使用 .NET Framework 配置工具 (Mscorcfg.msc) 来进行设置。Security policy is set by using the .NET Framework Configuration Tool (Mscorcfg.msc). 检查调用堆栈中的所有调用方以确保每个调用方至少具有适当的允许的用法。All callers in the call stack are checked to ensure that each caller has at least the appropriate allowed usage. 运行时还检查强加于代码的配额,该代码打开或创建将在其中保存文件的存储区。The runtime also checks the quota imposed on the code that opened or created the store in which the file is to be saved. 如果满足这些条件,就授予权限。If these conditions are satisfied, permission is granted. 每次文件写入存储区时,都将再次检查配额。The quota is checked again every time a file is written to the store.

因为公共语言运行时将根据安全策略授予任何适当的 IsolatedStorageFilePermission ,所以请求权限不需要应用程序代码。Application code is not required to request permission because the common language runtime will grant whatever IsolatedStorageFilePermission is appropriate based on security policy. 然而,有很好的理由来请求应用程序需要的特定权限,包括 IsolatedStorageFilePermissionHowever, there are good reasons to request specific permissions that your application needs, including IsolatedStorageFilePermission.

允许的用法和安全风险Allowed Usage and Security Risks

IsolatedStorageFilePermission 指定的允许的用法确定允许代码创建和使用独立存储的程度。The allowed usage specified by IsolatedStorageFilePermission determines the degree to which code will be allowed to create and use isolated storage. 下表显示了权限中指定的允许的用法如何与隔离的类型对应,并总结了与每种允许的用法关联的安全风险。The following table shows how the allowed usage specified in the permission corresponds to types of isolation and summarizes the security risks associated with each allowed usage.

允许的用法Allowed usage 隔离类型Isolation types 安全影响Security impact
None 不允许使用任何独立存储。No isolated storage use is allowed. 没有安全影响。There is no security impact.
DomainIsolationByUser 按用户、域和程序集隔离。Isolation by user, domain, and assembly. 每个程序集在域中都有单独的子存储区。Each assembly has a separate substore within the domain. 使用此权限的存储也由计算机隐式隔离。Stores that use this permission are also implicitly isolated by computer. 此权限级别无法阻止他人未经授权滥用资源,尽管强制的配额对此做法增添了一些难度。This permission level leaves resources open to unauthorized overuse, although enforced quotas make it more difficult. 这叫做拒绝服务攻击。This is called a denial of service attack.
DomainIsolationByRoamingUser DomainIsolationByUser相同,但如果启用漫游用户配置文件且不强制配额,则存储将保存到将漫游的位置。Same as DomainIsolationByUser, but store is saved to a location that will roam if roaming user profiles are enabled and quotas are not enforced. 因为必须禁用配额,所以存储资源更易受到拒绝服务攻击。Because quotas must be disabled, storage resources are more vulnerable to a denial of service attack.
AssemblyIsolationByUser 按用户和程序集隔离。Isolation by user and assembly. 使用此权限的存储也由计算机隐式隔离。Stores that use this permission are also implicitly isolated by computer. 在此级别强制实施配额以帮助防止拒绝服务攻击。Quotas are enforced at this level to help prevent a denial of service attack. 由于另一个域中相同的程序集可以访问该存储区,这就使信息可能在应用程序间泄露。The same assembly in another domain can access this store, opening the possibility that information could be leaked between applications.
AssemblyIsolationByRoamingUser AssemblyIsolationByUser相同,但如果启用漫游用户配置文件且不强制配额,则存储将保存到将漫游的位置。Same as AssemblyIsolationByUser, but store is saved to a location that will roam if roaming user profiles are enabled and quotas are not enforced. AssemblyIsolationByUser中相同,但没有配额,增加了拒绝服务攻击的风险。Same as in AssemblyIsolationByUser, but without quotas, the risk of a denial of service attack increases.
AdministerIsolatedStorageByUser 按用户隔离。Isolation by user. 通常,只有管理或调试工具才使用此级别的权限。Typically, only administrative or debugging tools use this level of permission. 使用该权限访问允许代码查看或删除任何的用户独立存储文件或目录(而不论程序集是否隔离)。Access with this permission allows code to view or delete any of a user's isolated storage files or directories (regardless of assembly isolation). 存在的风险包括(但不限于)泄露信息和数据丢失。Risks include, but are not limited to, leaking information and data loss.
UnrestrictedIsolatedStorage 按所有用户、域和程序集隔离。Isolation by all users, domains, and assemblies. 通常,只有管理或调试工具才使用此级别的权限。Typically, only administrative or debugging tools use this level of permission. 此权限有可能会整个危害所有用户的所有独立存储区。This permission creates the potential for a total compromise of all isolated stores for all users.

独立存储位置Isolated Storage Locations

有时候,使用操作系统的文件系统来验证对独立存储进行的更改会非常有帮助。Sometimes it is helpful to verify a change to isolated storage by using the file system of the operating system. 你可能还需要了解独立存储文件的位置。You might also want to know the location of isolated storage files. 该位置随操作系统的不同而不同。This location is different depending on the operating system. 下表显示了在几个常见操作系统上创建独立存储的根位置。The following table shows the root locations where isolated storage is created on a few common operating systems. 在此根位置下查找 Microsoft\IsolatedStorage 目录。Look for Microsoft\IsolatedStorage directories under this root location. 您必须更改文件夹设置以显示隐藏文件和文件夹,才能查看到文件系统中的独立存储。You must change folder settings to show hidden files and folders in order to see isolated storage in the file system.

操作系统Operating system 在文件系统中的位置Location in file system
Windows 2000、Windows XP、Windows Server 2003(从 Windows NT 4.0 升级)Windows 2000, Windows XP, Windows Server 2003 (upgrade from Windows NT 4.0) 支持漫游的存储区 =Roaming-enabled stores =

<SYSTEMROOT>\Profiles\<用户>\Application Data<SYSTEMROOT>\Profiles\<user>\Application Data

非漫游存储区 =Nonroaming stores =

<SYSTEMROOT>\Profiles\<用户>\Local Settings\Application Data<SYSTEMROOT>\Profiles\<user>\Local Settings\Application Data
Windows 2000 - 全新安装(和从 Windows 98 及 Windows NT 3.51 升级)Windows 2000 - clean installation (and upgrades from Windows 98 and Windows NT 3.51) 支持漫游的存储区 =Roaming-enabled stores =

<SYSTEMDRIVE>\Documents and Settings\<用户>\Application Data<SYSTEMDRIVE>\Documents and Settings\<user>\Application Data

非漫游存储区 =Nonroaming stores =

<SYSTEMDRIVE>\Documents and Settings\<用户>\Local Settings\Application Data<SYSTEMDRIVE>\Documents and Settings\<user>\Local Settings\Application Data
Windows XP、Windows Server 2003 - 全新安装(和从 Windows 2000 及 Windows 98 升级)Windows XP, Windows Server 2003 - clean installation (and upgrades from Windows 2000 and Windows 98) 支持漫游的存储区 =Roaming-enabled stores =

<SYSTEMDRIVE>\Documents and Settings\<用户>\Application Data<SYSTEMDRIVE>\Documents and Settings\<user>\Application Data

非漫游存储区 =Nonroaming stores =

<SYSTEMDRIVE>\Documents and Settings\<用户>\Local Settings\Application Data<SYSTEMDRIVE>\Documents and Settings\<user>\Local Settings\Application Data
Windows 8、Windows 7、Windows Server 2008、Windows VistaWindows 8, Windows 7, Windows Server 2008, Windows Vista 支持漫游的存储区 =Roaming-enabled stores =

<SYSTEMDRIVE>\Users\<用户>\AppData\Roaming<SYSTEMDRIVE>\Users\<user>\AppData\Roaming

非漫游存储区 =Nonroaming stores =

<SYSTEMDRIVE>\Users\<用户>\AppData\Local<SYSTEMDRIVE>\Users\<user>\AppData\Local

创建、枚举和删除独立存储Creating, Enumerating, and Deleting Isolated Storage

.NET Framework 在 System.IO.IsolatedStorage 命名空间中提供了三个类来帮助你执行涉及独立存储的任务:The .NET Framework provides three classes in the System.IO.IsolatedStorage namespace to help you perform tasks that involve isolated storage:

独立存储类使您可以创建、枚举并删除独立存储。The isolated storage classes enable you to create, enumerate, and delete isolated storage. 通过 IsolatedStorageFile 对象可以使用执行这些任务的方法。The methods for performing these tasks are available through the IsolatedStorageFile object. 某些操作要求你具有 IsolatedStorageFilePermission 权限(表示管理独立存储的权限);你可能还需要具有访问文件或目录的操作系统权限。Some operations require you to have the IsolatedStorageFilePermission permission that represents the right to administer isolated storage; you might also need to have operating system rights to access the file or directory.

有关演示常见的独立存储任务的一系列示例,请参见 相关主题中列出的帮助主题。For a series of examples that demonstrate common isolated storage tasks, see the how-to topics listed in Related Topics.

独立存储的情况Scenarios for Isolated Storage

在许多情况下,独立存储非常有用,包括这四种场景:Isolated storage is useful in many situations, including these four scenarios:

  • 下载的控件。Downloaded controls. 不允许从 Internet 下载的托管代码控件通过正常的 I/O 类写入硬盘,但它们可以使用独立存储来持久保存用户设置和应用程序状态。Managed code controls downloaded from the Internet are not allowed to write to the hard drive through normal I/O classes, but they can use isolated storage to persist users' settings and application states.

  • 共享组件存储。Shared component storage. 应用程序间共享的组件可以使用独立存储来提供对数据存储区的有控制的访问。Components that are shared between applications can use isolated storage to provide controlled access to data stores.

  • 服务器存储。Server storage. 服务器应用程序可以使用独立存储为请求应用程序的大量用户提供单独的存储区。Server applications can use isolated storage to provide individual stores for a large number of users making requests to the application. 因为独立存储始终按用户进行隔离,所以服务器必须模拟发出请求的用户。Because isolated storage is always segregated by user, the server must impersonate the user making the request. 在这种情况下,根据主体的标识隔离数据,该标识与应用程序用来区分其用户的标识是同一个标识。In this case, data is isolated based on the identity of the principal, which is the same identity the application uses to distinguish between its users.

  • 漫游。Roaming. 应用程序还可以将独立存储和漫游用户配置文件一起使用。Applications can also use isolated storage with roaming user profiles. 这允许用户的独立存储区和配置文件一起漫游。This allows a user's isolated stores to roam with the profile.

不应该在以下情况下使用独立存储:You should not use isolated storage in the following situations:

  • 用来存储重要机密,例如不加密的密钥或密码,因为独立存储对高度受信任的代码、非托管代码或计算机的受信任用户不设防。To store high-value secrets, such as unencrypted keys or passwords, because isolated storage is not protected from highly trusted code, from unmanaged code, or from trusted users of the computer.

  • 用来存储代码。To store code.

  • 用来存储管理员控制的配置和部署设置。To store configuration and deployment settings, which administrators control. (因为管理员不控制用户首选项,所以用户首选项不被认为是配置设置。)(User preferences are not considered to be configuration settings because administrators do not control them.)

许多应用程序都使用数据库来存储和隔离数据,在这种情况下,数据库中的一个或多个行可能代表某个特定用户的存储。Many applications use a database to store and isolate data, in which case one or more rows in a database might represent storage for a specific user. 当用户数较少时、当使用数据库的系统开销非常大时或当不存在数据库功能时,您可以选择使用独立存储而不使用数据库。You might choose to use isolated storage instead of a database when the number of users is small, when the overhead of using a database is significant, or when no database facility exists. 另外,当应用程序要求比数据库的行所提供的存储更加灵活和复杂的存储时,独立存储也可以提供一个可行的替代方案。Also, when the application requires storage that is more flexible and complex than what a row in a database provides, isolated storage can provide a viable alternative.

TitleTitle 描述Description
隔离的类型Types of Isolation 描述不同类型的隔离。Describes the different types of isolation.
如何:获取独立存储的存储区How to: Obtain Stores for Isolated Storage 提供使用 IsolatedStorageFile 类获取按用户和程序集隔离的存储区的示例。Provides an example of using the IsolatedStorageFile class to obtain a store isolated by user and assembly.
如何:枚举独立存储的存储区How to: Enumerate Stores for Isolated Storage 演示如何使用 IsolatedStorageFile.GetEnumerator 方法计算用户的所有独立存储的大小。Shows how to use the IsolatedStorageFile.GetEnumerator method to calculate the size of all isolated storage for the user.
如何:删除独立存储中的存储区How to: Delete Stores in Isolated Storage 演示如何使用 IsolatedStorageFile.Remove 方法以两种不同方式删除独立存储区。Shows how to use the IsolatedStorageFile.Remove method in two different ways to delete isolated stores.
如何:预见独立存储中的空间不足条件How to: Anticipate Out-of-Space Conditions with Isolated Storage 说明如何测量独立存储区中剩余的空间。Shows how to measure the remaining space in an isolated store.
如何:在独立存储中创建文件和目录How to: Create Files and Directories in Isolated Storage 提供一些在独立存储区中创建文件和目录的示例。Provides some examples of creating files and directories in an isolated store.
如何:在独立存储中查找现有文件和目录How to: Find Existing Files and Directories in Isolated Storage 演示如何读取独立存储区中的目录结构和文件。Demonstrates how to read the directory structure and files in isolated storage.
如何:在独立存储中读取和写入文件How to: Read and Write to Files in Isolated Storage 提供一个向独立存储文件写入字符串并将其读取回的示例。Provides an example of writing a string to an isolated storage file and reading it back.
如何:在独立存储中删除文件和目录How to: Delete Files and Directories in Isolated Storage 演示如何删除独立存储文件和目录。Demonstrates how to delete isolated storage files and directories.
文件和流 I/OFile and Stream I/O 解释如何执行同步和异步文件和数据流访问。Explains how you can perform synchronous and asynchronous file and data stream access.

参考Reference