Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using IsolatedStorage on a IIS server

I'am a bit confused about the use of Isolated Storage on a IIS server.

I understand the goal of Isolated Storage : provides a safe place to store data with no worry about how and where is this place.

Since Isolated Storage have a by-user and by-assembly approach, I'am not too wild about using it on a IIS server where applications have almost their own identity. I haven't really seen the interest of impersonating a web application and almost never seen impersonated web applications myself but this is my point of view.

Using Isolated Storage on a server mean (for Windows Server 2003) :

  • Using Isolated stores in \Documents and Settings\<user>\

  • Which mean \Documents and Settings\Default User\ when the application pool is owned by Local System or Network Services I guess

  • Which also mean Write rights on this folder for Local System or Network Services

  • Using of impersonation

Regarding a web application (logic), these ideas are confusing me... Document and Settings ? Default User ? Enable impersonation just for storage ? No control about storage on server ? Uh ?

Some points on the MSDN :

  • Server storage. Server applications can use isolated storage to provide individual stores [...]. Because isolated storage is always segregated by user, the server must impersonate the user making the request. [...]

  • Using isolated storage enables partially trusted applications to store data in a manner that is controlled by the computer's security policy.

  • by default, code running from the local computer, a local network, [...] is granted the right to use isolated storage. Should I understand Network Services ? I would be surprised. That's not the case on my IIS servers (Windows 2003).

And then I'am a front of a dilema : use System.IO.Packaging (with Isolated Storage inside) on web applications or find an alternative ? Using IO.Packaging mean you must enable isolated storage ?

Am I wrong in my approach ? Did I miss something ?

I precise I don't especially want to use/enable it on a IIS server, I would like to understand if enabling it on a such environment is a good practice.

Any point of view is appreciated and an explanation about an "Isolated Storage with IIS philosophy" could be an anwser.

Thanks !

like image 805
JoeBilly Avatar asked Nov 14 '22 10:11

JoeBilly


1 Answers

If you would need to use server side isolated storage for some reason, then you must impersonate the user and for that you would need to use windows integrated authentication so you get the http context's user principal populated with the requesting user. The request thread would switch the identity to the requester user and I would assume ( haven't tested) that you would see the isolated storage under that account.

I am still not sure when would I use isolated storage on server side for an IIS app which normally in enterprise environment runs on a web farm. It would be against best practices to store anything locally per user. If that server goes down, then you've lost that data.

like image 184
CJ Harmath Avatar answered Dec 20 '22 04:12

CJ Harmath