sharepoint Context. Using a credential cache for elevated execution of code


While server-side code can run with elevated privileges, there is no equivalent method to elevate privileges in client-side code (for obvious security reasons). As an alternative, you can specify credentials to emulate the access of a specific user or service account.

To specify credentials, build and populate a CredentialCache object, then assign it to your ClientContext object's Credentials property.

The example below emulates the application pool account, and assumes an on-premises SharePoint 2013 environment with NTLM.

using System;
using System.Net;
using Microsoft.SharePoint.Client;

using (ClientContext ctx = new ClientContext("https://onpremises.local/sites/demo/"))
{
    // Here the default network credentials are those of the account
    // running the app pool of your web application.
    CredentialCache credCache = new CredentialCache();

    // ctx.Url is the URL passed to the constructor. ctx.Web.Url cannot be read
    // until the web object has been loaded with ctx.Load and ctx.ExecuteQuery.
    credCache.Add(new Uri(ctx.Url), "NTLM", CredentialCache.DefaultNetworkCredentials);

    ctx.Credentials = credCache;
    ctx.AuthenticationMode = ClientAuthenticationMode.Default;

    // do stuff as elevated app pool account
}

Note that granting the application pool account elevated privileges in SharePoint is against best practice; any relevant network credentials could be used in its place.
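As an added example (not part of the original page), the same pattern with a dedicated service account in place of the app pool identity. A CredentialCache entry is matched by URI prefix and authentication type, and the lookups before the query show which requests the entry applies to. The account CONTOSO\svc-spreader and the SP_SVC_PASSWORD environment variable are assumed placeholders, and the project needs a reference to the SharePoint client (CSOM) assemblies.

```csharp
using System;
using System.Net;
using Microsoft.SharePoint.Client;

static class ScopedCredentialExample
{
    // Register the account for one site prefix and one authentication type only.
    static CredentialCache BuildCache(Uri siteUri, NetworkCredential account)
    {
        var cache = new CredentialCache();
        cache.Add(siteUri, "NTLM", account);
        return cache;
    }

    // True when the cache holds a credential for this URL and auth type.
    static bool IsOffered(CredentialCache cache, Uri url, string authType)
    {
        return cache.GetCredential(url, authType) != null;
    }

    static void Main()
    {
        var siteUri = new Uri("https://onpremises.local/sites/demo/");

        // Placeholder account and variable name; read the secret at run time
        // instead of compiling it into the assembly.
        string password = Environment.GetEnvironmentVariable("SP_SVC_PASSWORD")
            ?? throw new InvalidOperationException("SP_SVC_PASSWORD is not set");
        var account = new NetworkCredential("svc-spreader", password, "CONTOSO");

        CredentialCache cache = BuildCache(siteUri, account);

        // Lookups for: a URL under the site, a different host, and a Basic challenge.
        Console.WriteLine("site/NTLM:  " + IsOffered(cache, new Uri(siteUri, "_api/web"), "NTLM"));
        Console.WriteLine("other host: " + IsOffered(cache, new Uri("https://other.local/"), "NTLM"));
        Console.WriteLine("site/Basic: " + IsOffered(cache, siteUri, "Basic"));

        using (var ctx = new ClientContext(siteUri.AbsoluteUri))
        {
            ctx.Credentials = cache;

            // Runs with the permissions granted to the service account.
            ctx.Load(ctx.Web, w => w.Title);
            ctx.ExecuteQuery();
            Console.WriteLine(ctx.Web.Title);
        }
    }
}
```

Grant the service account only the SharePoint permissions the client code needs, so that the emulated identity is no broader than the task.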