sharepoint Context. Using a credential cache for elevated execution of code


Example

While server side-code can run with elevated privileges, there is not an equivalent method to elevate privileges in client-side code (for obvious security reasons). As an alternative, you can specify credentials to emulate the access of a specific user or service account.

To specify credentials, build and populate a CredentialCache object, then assign it to your ClientContext object's Credentials property.

The example below emulates the application pool account, and assumes an on-premises SharePoint 2013 environment with NTLM.

using System.Net;
using Microsoft.SharePoint.Client;

using (ClientContext ctx = new ClientContext("https://onpremises.local/sites/demo/"))
{
    // need the web object
    ctx.Load(ctx.Web);
    ctx.ExecuteQuery();

    // here the default network credentials relate to the identity of the account
    // running the App Pool of your web application.
    CredentialCache credCache = new CredentialCache();        
    cc.Add(new Uri(ctx.Web.Url), "NTLM", CredentialCache.DefaultNetworkCredentials);

    ctx.Credentials = credCache;
    ctx.AuthenticationMode = ClientAuthentication.Default;
    ctx.ExecuteQuery();

    // do stuff as elevated app pool account
}

Note that granting the application pool account elevated privileges in SharePoint is against best practice, but that any relevant network credentials could be used in its place.