O'Reilly logo

C# Cookbook by Jay Hilyard, Stephen Teilhet

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

14.8. Securely Storing Data

Problem

You need to store settings data about individual users for use by your application that is isolated from other instances of your application run by different users.

Solution

You can use isolated storage to establish per user data stores for your application data, and then use hashed values for critical data in your data store.

To illustrate how to do this for settings data, we create the following UserSettings class. UserSettings holds only two pieces of information, the user identity (current WindowsIdentity) and the password for our application. The user identity is accessed via the User property, and the password is accessed via the Password property. Note that the password field is being created the first time and is stored as a salted hashed value to keep it secure. The combination of the isolated storage and the hashing of the password value helps to strengthen the security of the password by using the “defense in depth” principle. The settings data is held in XML that is stored in the isolated storage scope and accessed via an XmlDocument instance.

This solution uses the following namespaces:

using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Xml;
using System.Text;
using System.Diagnostics;
using System.Security.Principal;
using System.Security.Cryptography;

Here is the UserSettings class:

// class to hold user settings public class UserSettings { IsolatedStorageFile isoStorageFile = null; IsolatedStorageFileStream ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required