Support trustmode appcontainer in FilePickers

[gentledepp]

Is your feature request related to a problem? Please describe.

We are trying to develop a windows application that runs in trustmode appcontainer.
Until now, we were able to overcome any obstacles.
But implementing a file picker seems not doable.

Approach 1: Using StorageProvider

Either we use the provided StorageProvider.GetOpenFilePickerAsync method.

 // Note: This likely won't work in AppContainer, but kept as fallback
 var picturesFolder = await topLevel.StorageProvider.TryGetWellKnownFolderAsync(WellKnownFolder.Pictures);

 return await topLevel.StorageProvider.OpenFilePickerAsync(new FilePickerOpenOptions
 {
     AllowMultiple = false,
     FileTypeFilter = GetFileTypeFilter(options),
     SuggestedStartLocation = picturesFolder,
 });

then this results in a window being shown that only opens message boxes saying "Access denied"

Approach 2: Trying to use Windows native APIs

So as approach 1 failed, we tried to use

                var ph = topLevel.TryGetPlatformHandle();
                var hwnd = ph.Handle;


                // Initialize the picker with the window
                var picker = new Windows.Storage.Pickers.FileOpenPicker();
                picker.ViewMode = Windows.Storage.Pickers.PickerViewMode.Thumbnail;
                picker.SuggestedStartLocation = Windows.Storage.Pickers.PickerLocationId.PicturesLibrary;
                picker.FileTypeFilter.Add(".jpg");
                picker.FileTypeFilter.Add(".jpeg");
                picker.FileTypeFilter.Add(".png");

                // Initialize with the window handle
                WinRT.Interop.InitializeWithWindow.Initialize(picker, hwnd);
                Windows.Storage.StorageFile file = await picker.PickSingleFileAsync();
          

this throws a System.UnauthorizedAccessException

stacktrace:

at WinRT.ExceptionHelpers.g__Throw|38_0(Int32 hr)
at WinRT.ExceptionHelpers.ThrowExceptionForHR(Int32 hr)
at WinRT.Interop.IInitializeWithWindowMethods.Initialize(Object _obj, IntPtr window)
at WinRT.Interop.InitializeWithWindow.Initialize(Object target, IntPtr hwnd)
at iCL.Platform.Integration.MediaPicker.MediaPickerService.<>c__DisplayClass13_0.<b__0>d.MoveNext()

Note: We added all necessary capabilities to our appxmanifest:

  <Capabilities>
    <Capability Name="internetClient" />
      
    <uap:Capability Name="picturesLibrary"/>
    <rescap:Capability Name="broadFileSystemAccess" />
      
    <DeviceCapability Name="location"/>
	<DeviceCapability Name="webcam"/>
  </Capabilities>

We also enabled the "broadFileSystemAccess" in the windows settings

await Windows.System.Launcher.LaunchUriAsync(new Uri("ms-settings:privacy-broadfilesystemaccess"));

Describe the solution you'd like

Easiest option for users:

Make the StorageProvider realize if it is running in an appcontainer.
If so, use a specialized storageprovider for this...
... so that the StorageProvider.OpenFilePickerAsync also works for apps running in an appcontainer.

Alternative approach:
Provide a valid handle (intpr) that can be used to use windows native features.

Please let me know if you need a repro.

Describe alternatives you've considered

Running our app in fullTrust - but come on. It is 2025 - this cannot be the solution :-(

Additional context

We are happy to help move this forward and contribute. But have no idea where to start.
Please let us know!

[gentledepp]

just as a note - as I think this is related:

The following code works on windows until calling RequestAccessAsync() which throws a COM Exception

            var capability = AppCapability.Create("location");
            var stat = capability.CheckAccess();
            
            
            if (stat == AppCapabilityAccessStatus.Allowed)
            {
                return true;
            }

            var rar = await capability.RequestAccessAsync();

[maxkatz6]

I don't think we can switch to WinUI FileOpenPicker APIs.
And old COM file picker must be compatible with new sandbox model too, although I haven't tried it yet (this one - Win32 App Isolation).

Running our app in fullTrust - but come on. It is 2025 - this cannot be the solution :-(

Pretty sure it's still the solution for Windows apps :)

[maxkatz6]

broadFileSystemAccess
fullTrust

At least in old UWP sandboxing, you didn't have to enable these capabilities for file pickers.

then this results in a window being shown that only opens message boxes saying "Access denied"

Just in case, do you need to pick files in system32? It might not be possible even with capabilities.

[gentledepp]

No.
I deliberately added the suggested start location but the returned value is "null" and therefore it opens system32:

And no matter which folder I try to open (literally), I get the "Access denied" messagebox.

And old COM file picker must be compatible with new sandbox model too, although I haven't tried it yet

So you suggest this is a bug, then? Shall I file one?

[maxkatz6]

@gentledepp I don't know if it's really a bug, and is it on our side.
I would recommend trying to reproduce the same with WPF, as it should have more material, and we use the same Win32 APIs under the hood.

[gentledepp]

... ouch... I guess we still have users running windows 10. This is gonna hurt