Guidelines for Partners
Securing sensitive information like passwords, tokens, and license information is a very important aspect of data management. In Business Central, ensuring data security can be achieved through Isolated Storage. In this blog post, we’ll guide you through a practical example of password management, showcasing how Isolated Storage adds an extra layer of protection.
What is Business Central’s Isolated Storage
Business Central Isolated Storage serves as a secure repository for sensitive data, exclusively accessible within the application. By isolating data at the level of individual tenants, Isolated Storage enhances security significantly. The stored keys and values can be conveniently accessed through a dedicated API.
You also have the opportunity to specify a scope for accessing secrets. It can be Company, CompanyAndUser, Module, or User. In other words, the scope determines who can retrieve the data from the Isolated Storage.
Storing Password example
Here is a simple example of storing and retrieving passwords using Isolated Storage. In this scenario, the user provides a password and confirms it. A validation process verifies whether the entered password matches the confirmation. This example involves storing the password in Isolated Storage and retrieving it to compare it with the confirmed password.
table 50000 "Password" { DataClassification = CustomerContent; Caption = ‘Password '; fields { field(1; "Primary Key"; Code[10]) { DataClassification = CustomerContent; Caption = 'Primary Key'; } } keys { key(PK; "Primary Key") { Clustered = true; } } } page 50000 "Password" { PageType = Card; ApplicationArea = All; UsageCategory = Administration; SourceTable = "Password"; layout { area(Content) { field(Password; Password) { ApplicationArea = All; Caption = 'Enter Password'; ExtendedDatatype = Masked; trigger OnValidate() begin PasswordStorage.SetPassword(Password); Commit(); end; } field(EnterPassword; EnterPassword) { ApplicationArea = All; Caption = 'Confirm Password'; ExtendedDatatype = Masked; trigger OnValidate() begin if PasswordStorage.ValidatePassword(EnterPassword) then Message('Password Match. Congratulations!') else Error('Password did not match: Please try again'); end; } } } var Password: Text; PasswordStorage: Codeunit "Password Storage"; EnterPassword: Text; }
codeunit 50000 "Password Storage" { Access = Internal; procedure SetPassword(NewPassword: Text) begin // Verify if a password exists within Isolated Storage using its storage key. if IsolatedStorage.Contains('NewPassword', DataScope:: Module) then IsolatedStorage.Delete('NewPassword', DataScope:: Module); // Store a new password in Isolated Storage IsolatedStorage.set('NewPassword', NewPassword, DataScope:: Module); end; local procedure GetPassword() NewPassword: Text begin // Verify if a password exists within Isolated Storage using its storage key. if IsolatedStorage.Contains('NewPassword', DataScope:: Module) then // Retrieve the existing password from Isolated Storage. IsolatedStorage.Get('NewPassword', DataScope:: Module, NewPassword); end; procedure ValidatePassword(EnteredPassword: Text): Boolean begin if EnteredPassword = GetPassword() then exit(true); end; }
For an added layer of security, the “GetPassword” procedure is set to be local, restricting access solely within the codeunit. This measure decreases the risk of sensitive information being exposed through public functions. Additionally, the “Access” property of codeunit, set as “Internal”, ensures that other extensions cannot access the password, enhancing overall data security.
Conclusion
Microsoft Dynamics 365 Business Central’s Isolated Storage offers a strong solution for protecting important data, such as passwords. By providing a secure and separate space for storing confidential data, Isolated Storage ensures that it remains protected from unauthorized access by other applications.