I'am a bit confused about the use of Isolated Storage on a IIS server.
I understand the goal of Isolated Storage : provides a safe place to store data with no worry about how and where is this place.
Since Isolated Storage have a by-user and by-assembly approach, I'am not too wild about using it on a IIS server where applications have almost their own identity. I haven't really seen the interest of impersonating a web application and almost never seen impersonated web applications myself but this is my point of view.
Using Isolated Storage on a server mean (for Windows Server 2003) :
Using Isolated stores in \Documents and Settings\<user>\
Which mean \Documents and Settings\Default User\
when the application pool is owned by Local System or Network Services I guess
Which also mean Write rights on this folder for Local System or Network Services
Using of impersonation
Regarding a web application (logic), these ideas are confusing me... Document and Settings ? Default User ? Enable impersonation just for storage ? No control about storage on server ? Uh ?
Some points on the MSDN :
Server storage. Server applications can use isolated storage to provide individual stores [...]. Because isolated storage is always segregated by user, the server must impersonate the user making the request. [...]
Using isolated storage enables partially trusted applications to store data in a manner that is controlled by the computer's security policy.
by default, code running from the local computer, a local network, [...] is granted the right to use isolated storage. Should I understand Network Services ? I would be surprised. That's not the case on my IIS servers (Windows 2003).
And then I'am a front of a dilema : use System.IO.Packaging
(with Isolated Storage inside) on web applications or find an alternative ? Using IO.Packaging
mean you must enable isolated storage ?
Am I wrong in my approach ? Did I miss something ?
I precise I don't especially want to use/enable it on a IIS server, I would like to understand if enabling it on a such environment is a good practice.
Any point of view is appreciated and an explanation about an "Isolated Storage with IIS philosophy" could be an anwser.
Thanks !
If you would need to use server side isolated storage for some reason, then you must impersonate the user and for that you would need to use windows integrated authentication so you get the http context's user principal populated with the requesting user. The request thread would switch the identity to the requester user and I would assume ( haven't tested) that you would see the isolated storage under that account.
I am still not sure when would I use isolated storage on server side for an IIS app which normally in enterprise environment runs on a web farm. It would be against best practices to store anything locally per user. If that server goes down, then you've lost that data.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With