Windows Store apps that need programmatic access to user resources such as the Pictures library or connected devices such as a webcam, must declare the appropriate capability. An app requests access by declaring capabilities in its package manifest. You can declare capabilities by using the Manifest Designer in Microsoft Visual Studio or you can add them manually to the package manifest as described in How to specify capabilities in a package manifest.
When you submit your app to the Windows Store, it is checked to ensure that the declared capabilities match the description of the app. Declaring a large number of capabilities or declaring certain capabilities that users may be sensitive about may increase the level of scrutiny of your app when you submit it to the Windows Store . When customers get your app from the Windows Store, they are notified of all the capabilities that the app declares.
There are two types of Windows Store accounts: company accounts and individual accounts. Apps that apply the special use capabilities described below require a company account to submit them to the Windows Store. For more information about company accounts, see Registering for a Windows Store developer account.
Here we look at protected resources and the capabilities required to access them.
General use capabilities
General use capabilities apply to most Windows Store app scenarios.
Music library
The musicLibrary capability provides programmatic access to the user's Music library, allowing the app to enumerate and access all files in the library without user interaction. This capability is typically used in jukebox apps that need to access the entire Music library. The file picker provides a robust UI mechanism that enables users to open files for use with an app.
Declare the musicLibrary capability only when the scenarios for your app require programmatic access, and you cannot realize them by using the file picker. For an example of how to access files in a library, see How to get files and folders from a location.
Pictures library
The picturesLibrary capability provides programmatic access to the user's Pictures library, allowing the app to enumerate and access all files in the library without user interaction. This capability is typically used in photo playback apps that need to access the entire Pictures library.
The file picker provides a robust UI mechanism that enables users to open files for use with an app. Declare the picturesLibrary capability only when the scenarios for your app require programmatic access, and you cannot realize them by using the file picker. For an example of how to access files in a library, see How to get files and folders from a location.
Videos library
The videosLibrary capability provides programmatic access to the user's Videos library, allowing the app to enumerate and access all files in the library without user interaction. This capability is typically used in movie playback apps that need access to the entire Videos library.
The file picker provides a robust UI mechanism that enables users to open files for use with an app. Declare the videosLibrary capability only when the scenarios for your app require programmatic access, and you cannot realize them by using the file picker. For an example of how to access files in a library, see How to get files and folders from a location.
Removable storage
The removableStorage capability provides programmatic access to files on removable storage, such as USB keys and external hard drives, filtered to the file type associations declared in the package manifest. For example, if a DOC reader app declared a .doc file type association, it can open .doc files on the removable storage device, but not other types of files. Be careful when declaring this capability, because users may include a variety of info in their removable storage devices, and will expect the app to provide a valid justification for programmatic access to the removable storage for the entire file type.
Users will expect your app to handle any file associations that you declare. Therefore, do not declare file associations that your app cannot handle responsibly. The file picker provides a robust UI mechanism that enables users to open files for use with an app.
Declare the removableStorage capability only when the scenarios for your app require programmatic access, and you cannot realize them by using the file picker. For an example of how to access files in a known location, see How to get files and folders from a location.
Microphone
The microphone capability provides access to the microphone’s audio feed, which allows the app to record audio from connected microphones. Apps must handle the case where the user has disabled the microphone from the Settings charm. For an example of how to record audio, see How to record audio or video.
Webcam
The webcam capability provides access to the webcam’s video feed, which allows the app to capture snapshots and movies from a connected webcam. This capability is typically used in video chat or conferencing apps. Apps must handle the case where the user has disabled the webcam from the Settings charm. For an example of how to record video, see How to record audio or video.
The webcam capability only grants access to the video stream. In order to grant access to the audio stream as well, the microphone capability must be added.
Location
The location capability provides access to location functionality, which you get from dedicated hardware like a GPS sensor in the PC or is derived from available network info. Apps must handle the case where the user has disabled location services from the Settings charm. For an example of how to detect the user’s location, see Detecting geolocation.
Proximity
The proximity capability enables multiple devices in close proximity to communicate with one another. This capability is typically used in casual multi-player games and in apps that exchange information. Devices attempt to use the communication technology that provides the best possible connection, including Bluetooth, WiFi, and the internet. This capability is used only to initiate communication between the devices. For an example of how to use proximity to connect apps, see Quickstart: Connecting apps using tapping or browsing.
Internet and public networks
The internetClient capability provides outbound access to the Internet and public networks through the firewall. Almost all web apps use this capability. The internetClientServer capability provides inbound and outbound access to the Internet and public networks through the firewall.
The internetClientServer capability is typically used in peer-to-peer (P2P) scenarios in apps that use file share and VOIP. The internetClientServer capability includes the access that the internetClient capability provides, so you don't need to specify internetClient when you specify internetClientServer.
An important certification requirement is to include a link to your Privacy Policy on the Setting pane if you declare these capabilities. Forgetting to do so is currently the most common certification blocker!
Home and work networks
The privateNetworkClientServer capability provides inbound and outbound access to home and work networks through the firewall. This capability is typically used for games that communicate across the local area network (LAN), and for apps that share data across a variety of local devices. If your app specifies musicLibrary, picturesLibrary, or videosLibrary, you don't need to use this capability to access the corresponding library in a Home Group.
Special use capabilities
Special use capabilities are intended for very specific scenarios. Use of these capabilities is highly restricted and subject to additional Windows Store onboarding policy and review. There are cases where such capabilities are necessary and appropriate, such as banking with two-factor authentication, where users provide a smart card with a digital certificate that confirms their identity. Other apps may be designed primarily for enterprise customers and may need access to corporate resources that cannot be accessed without the user’s domain credentials.
Apps that apply the special use capabilities require a company account to submit them to the Windows Store. For more information about company accounts, see Registering for a Windows Store developer account.
Enterprise authentication
Windows domain credentials enable a user to log into remote resources using their credentials, and act as if a user provided their user name and password. The enterpriseAuthentication capability is typically used in line-of-business apps that connect to servers within an enterprise.
You don't need this capability for generic communication across the internet.
The enterpriseAuthentication capability is intended to support common line-of-business apps. Don't declare it in apps that don't need to access corporate resources. The file picker provides a robust UI mechanism that enables users to open files on a network share for use with an app. Declare the enterpriseAuthentication capability only when the scenarios for your app require programmatic access, and you cannot realize them by using the file picker.
Shared User Certificates
The sharedUserCertificates capability enables an app to access software and hardware certificates, such as certificates stored on a smart card. This capability is typically used for financial or enterprise apps that require a smart card for authentication.
Documents library
The documentsLibrary capability provides programmatic access to the user's Documents library, filtered to the file type associations declared in the package manifest. For example, if a DOC reader app declared a .doc file type association, it can open .doc files in the Documents library, but not other types of files.
The only acceptable use for the documentsLibrary capability is to support the opening of embedded content within another document.
Apps that declare the documentsLibrary capability can't access the Documents library on Home Group computers. The file picker provides a robust UI mechanism that enables users to open files for use with an app.
Declare the documentsLibrary capability only when the scenarios for your app require programmatic access, and you cannot realize them by using the file picker.
Related topics
Build date: 10/26/2012
