Hello. Among my travels I have had the opportunity to write a number of SharePoint provider-hosted Add-Ins (Apps) that take advantage of the awesome built-in search capabilities of SharePoint Online. The ability to easily search existing list and document content, along with related metadata, and the availability of controls to customize search results based on organizational need is often a compelling reason to consider SharePoint as a search platform in a Web application.

When querying SharePoint search, you’re really querying results based on a user. In the case of the SharePoint Online Web UI or provider-hosted application using the search API, this search is done based on the logged in user; results are security-trimmed and the user will see his or her content. When configuring an application using the CSOM, you can make many calls – such as reading or writing list content, opening documents, or updating Web parts – using an application identity, which means these calls are run without a given user context. Since search returns results based on a given user, however, it ignores the application identity in it’s permissions model:



I’m providing some sample code below that executes a search query on behalf of another user in cases where querying on behalf of the logged in user in not appropriate. This code assumes a directory account has been added and that the user has access to the searchable content.

public IEnumerable<ApplicationDocument> SearchDocuments(string query)
var uri = new Uri(_hostWeb);
var username = “<your username>”;
var secret = “<your password>”;

    using (var context = new Microsoft.SharePoint.Client.ClientContext(_hostWeb))
var s = new System.Net.NetworkCredential(“”, secret).SecurePassword;
context.Credentials = new Microsoft.SharePoint.Client.SharePointOnlineCredentials(username, s);

        var q = new KeywordQuery(context)
QueryText = “(ListID:{8793f7c8-9a23-46ec-a96f-2798ef7a978c})” + query,
TrimDuplicates = true

        var e = new SearchExecutor(context);
var rs = e.ExecuteQuery(q);

        if (rs.Value.Count() == 0) return null;

        var ds = new List<ApplicationDocument>();

        for (var i = 0; i < rs.Value[0].ResultRows.Count(); i++)
var d = new ApplicationDocument();
d.Type = rs.Value[0].ResultRows.ElementAt(i)[“DocId”].ToString();
d.Uri = rs.Value[0].ResultRows.ElementAt(i)[“Path”].ToString();
d.Name = rs.Value[0].ResultRows.ElementAt(i)[“Title”].ToString();
d.Keywords = rs.Value[0].ResultRows.ElementAt(i)[“HitHighlightedSummary”].ToString();

        return ds;



Using the code above, you can now query SharePoint Search as another user in your organization. Because this uses the CSOM, it can be done using Web applications, console applications or even in PowerShell. Thanks for reading!


(cross-posted on my personal blog at

Hits: 712