Xaml Browser Apps (XBAPs - formerly called WBAs) are an a light-weight way of deploying rich WPF applications to users via their web browser. In addition to all the enhanced display features and stateful programming model that WPF apps have over HTML-based internet applications, XBAPs can also touch local system resources like reading from the file system. Allowing applications that run in the browser direct access to the file system would be a huge security risk. XBAPs ensure that the potentially malicious browser-hosted application can only ever read files that the user has selected for it to read. The XBAP author creates an OpenFileDialog (from the Microsoft.Win32 namespace) and displays it to the user by calling ShowDialog(). If the user selects a file and clicks OK the application can then read the file by calling the OpenFile() method on an OpenFileDialog instance. This returns a read-only stream for loading the data. The example code shown below demonstrates how to do this:
C# Code (WPF Beta 2)
private void OpenFileClick(object sender, RoutedEventArgs e)
{
OpenFileDialog dlg = new OpenFileDialog();
bool? result = dlg.ShowDialog();
if (result == true)
{
using (Stream s = dlg.OpenFile())
{
TextReader reader = new StreamReader(s);
contentsText.Text = reader.ReadToEnd();
}
}
}
The important distinction here is that the un-trusted XBAP can't just open any file it likes, but rather it has to give the user total control of the file selected. The useful thing for developers is that this feature is turned on in even the most restricted permission set, so even XBAPs launched from the internet and not signed with a trusted key will still be able to do this. You can read more about XBAPs and the sandboxed set of features they must operate in here. More general information about XBAPs can be found here.
The OpenFileDialog resides in the Microsoft.Win32 namespace in PresentationFramework.dll, and is very similar to the OpenFileDialog in the System.Windows.Forms namespace (right down to the name of the class), so make sure you're using the correct one.