Why does a .NET MAUI app, for Windows 10, require the "runFullTrust" capability?

Dave Calkins 51 Reputation points
2022-12-04T14:13:40.687+00:00

Using Visual Studio 2022 Enterprise 64-bit v17.4.2 on Windows 10 v22H2 64-bit

Repro steps.

  • Create a new project, ".NET MAUI App", with the default .NET 6.0 selected as part of the new project wizard
  • Click the run button from the toolbar to build and run the app on Windows in the debugger
  • Should work fine
  • Edit the Windows app manifest (Platforms\Windows\Package.appxmanifest) in a text editor
  • Note that, although we haven't checked any capabilities in the UI editor for this file, it still adds a capability. Towards the end of the file, see the Capabilities elements and within that, see that it has added the runFullTrust capability
  • Remove the capability, save, and attempt to run again
  • This time it will fail to build
  • Re-adding the capability to the manifest file resolves the problem and it runs again

So it appears the .NET MAUI app needs to have this capability set. I'm curious why that is. The question came up for me when attempting to submit a very simple app (just a UI with some buttons and text display) to the Microsoft Store. Due to the presence of this capability, I had to provide an explanation, during app submission, why I needed the capability. I have no idea, but it seems something about MAUI may need it? Does anyone know why this is needed?

----------

The section in the app manifest to look for is below.

  <Capabilities>  
    <rescap:Capability Name="runFullTrust" />  
  </Capabilities>  
  

----------

From the build output....

0>C:\Users\david\.nuget\packages\microsoft.windowsappsdk\1.1.3\buildTransitive\Microsoft.Build.Msix.Packaging.targets(901,5): Error APPX0002: Task 'WinAppSdkGenerateAppxManifest' failed. Object reference not set to an instance of an object.  
  

Then the below is repeated a number of times

0>C:\Users\david\.nuget\packages\microsoft.windowsappsdk\1.1.3\buildTransitive\Microsoft.Build.Msix.Packaging.targets(901,5): Error MSB4018: The "WinAppSdkGenerateAppxManifest" task failed unexpectedly.  
System.IO.FileNotFoundException: Could not load file or assembly 'Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The system cannot find the file specified.  
File name: 'Newtonsoft.Json, Version=9.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed'  
   at Microsoft.VisualStudio.Telemetry.MachinePropertyBag.ParseIn(String filepath)  
   at Microsoft.VisualStudio.Telemetry.MachinePropertyBag.LoadStore()  
   at Microsoft.VisualStudio.Telemetry.WindowsIdentityInformationProvider.<>c.<.cctor>b__12_0()  
   at System.Lazy`1.CreateValue()  
--- End of stack trace from previous location where exception was thrown ---  
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()  
   at System.Lazy`1.get_Value()  
   at Microsoft.VisualStudio.Telemetry.IdentityInformationProvider.SchedulePostPersistedSharedPropertyAndSendAnyFaults(TelemetrySession telemetrySession, ITelemetryScheduler scheduler)  
   at Microsoft.VisualStudio.Telemetry.TelemetrySession.InitializeSession()  
   at Microsoft.VisualStudio.Telemetry.TelemetrySession.HardwareIdCalculationCompleted(Object sender, EventArgs e)  
   at Microsoft.VisualStudio.Telemetry.TelemetrySession.DisposeStart()  
   at Microsoft.VisualStudio.Telemetry.TelemetrySession.DisposeManagedResources()  
   at Microsoft.VisualStudio.Telemetry.TelemetryDisposableObject.Dispose()  
   at Microsoft.Build.Msix.AppxPackagingTaskHelper.PostTelemetryFault(Exception e)  
   at Microsoft.Build.Msix.AppxPackagingTaskHelper.Execute(String file)  
   at Microsoft.Build.Msix.AppxManifest.WinAppSdkGenerateAppxManifest.Execute()  
   at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()  
   at Microsoft.Build.BackEnd.TaskBuilder.<ExecuteInstantiatedTask>d__26.MoveNext()  
  
WRN: Assembly binding logging is turned OFF.  
To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.  
Note: There is some performance penalty associated with assembly bind failure logging.  
To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].  
  
  

Accepted answer
  1. Rob Caplan - MSFT 5,427 Reputation points Microsoft Employee
    2022-12-04T19:31:12.403+00:00

    MAUI (probably) doesn't require runFullTrust, but it defaults to runFullTrust since MAUI apps for Windows are WinUI apps and WinUI apps default to (but don't require) full trust. This default is based on developer requests: many devs skipped UWP specifically because of the partial trust model.

    See Use partial trust by default for all WinUI 3 apps #1900 and its references to MSIX: containerized or not? #410 in the Windows App SDK repo for a discussion of running a WinUI app with partial trust.

    You can set a Maui app to run partial trust by editing its appxmanifest to set a partial trust entry point (EntryPoint="Windows.PartialTrustApplication") and removing the fullTrust capability. Here's what I changed in a default Maui template app's Package.appxmanifest.

    <Applications>
      <Application Id="App"
          Executable="$targetnametoken$.exe"
          EntryPoint="Windows.PartialTrustApplication">
        <!--EntryPoint="$targetentrypoint$">-->
        <uap:VisualElements
            DisplayName="$placeholder$"
            Description="$placeholder$"
            Square150x150Logo="$placeholder$.png"
            Square44x44Logo="$placeholder$.png"
            BackgroundColor="transparent">
          <uap:DefaultTile Square71x71Logo="$placeholder$.png" Wide310x150Logo="$placeholder$.png" Square310x310Logo="$placeholder$.png" />
          <uap:SplashScreen Image="$placeholder$.png" />
        </uap:VisualElements>
      </Application>
    </Applications>

    <Capabilities>
      <!--<rescap:Capability Name="runFullTrust" />-->
    </Capabilities>
    

    You'll also need to make sure you don't use any libraries that require full trust. I can't think of anything in MAUI itself which I'd expect to require full trust, but it's easy to accidentally code in dependencies on access to the full file system, etc. that partial trust apps don't have.

    1 person found this answer helpful.
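
One way to check a manifest for the two edits the accepted answer describes, as an added example (not code from the thread or from Microsoft). It parses the XML instead of searching the text, so a commented-out capability is not counted. The sample manifests are constructed and trimmed, and treating every entry point other than Windows.PartialTrustApplication as full trust is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {  # namespaces declared by Package.appxmanifest
    "f": "http://schemas.microsoft.com/appx/manifest/foundation/windows10",
    "rescap": "http://schemas.microsoft.com/appx/manifest/foundation/"
              "windows10/restrictedcapabilities",
}
PARTIAL = "Windows.PartialTrustApplication"  # entry point named in the answer

def audit_manifest(xml_text):
    """Return (findings, restricted capability names) for one manifest."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    restricted = [c.get("Name")
                  for c in root.iterfind("f:Capabilities/rescap:Capability", NS)]
    full_trust = "runFullTrust" in restricted
    findings = []
    for app in root.iterfind("f:Applications/f:Application", NS):
        app_id, entry = app.get("Id"), app.get("EntryPoint")
        if entry == PARTIAL and full_trust:
            findings.append(f"{app_id}: partial-trust entry point, but runFullTrust is still declared")
        elif entry != PARTIAL and not full_trust:
            findings.append(f"{app_id}: runFullTrust removed, but EntryPoint is {entry!r}")
        elif full_trust:
            findings.append(f"{app_id}: packaged as full trust (EntryPoint {entry!r})")
    return findings, restricted

# Constructed sample manifests, trimmed to the elements the audit reads.
TEMPLATE = """<Package
  xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
  xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities">
  <Applications>
    <Application Id="App" Executable="$targetnametoken$.exe" EntryPoint="{entry}" />
  </Applications>
  <Capabilities>{caps}</Capabilities>
</Package>"""
FULL = '<rescap:Capability Name="runFullTrust" />'
DEFAULT = TEMPLATE.format(entry="$targetentrypoint$", caps=FULL)
HALF_EDITED = TEMPLATE.format(entry="$targetentrypoint$", caps="")
PARTIAL_TRUST = TEMPLATE.format(entry=PARTIAL, caps=f"<!--{FULL}-->")

if __name__ == "__main__":
    for name, xml in [("default", DEFAULT), ("half-edited", HALF_EDITED),
                      ("partial trust", PARTIAL_TRUST)]:
        print(name, audit_manifest(xml))
```

A check like this can run in CI before Store submission so that a restricted capability never ships unnoticed.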

1 additional answer

  1. Dave Calkins 51 Reputation points
    2022-12-04T21:37:56.867+00:00

    @Rob Caplan - MSFT thanks for the reply and info! Have bookmarked this for future reference. I guess I will see what the Microsoft store folks come back with. My motivation here was to just find out the why since that was what was asked for on the submission form. I explained to them that it's a MAUI app and it seems to "require" it. So perhaps they will accept that.

    In this case, it's an extremely simple app that doesn't really use any libraries. Simple UI with some buttons and counter displays. But I can see if things get more involved then removing it could be problematic.

    I will wait and see what happens in the app certification process.

    1 person found this answer helpful.