We use the SharePoint Patterns and Practices framework in a project to provide SharePoint Site Collections for SharePoint Online. For a few days now, when I log on to SharePoint Online with the PowerShell cmdlet Connect-PnPOnline, I have received the following error message:
Cannot contact web site 'https://customer-admin.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'. The response headers are 'X-SharePointHealthScore=0, X-MS
DAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically., SPRequestGuid=ac6c229e-80d9-4000-83e5-3a2938f84c4b, request-id=ac6c229e-80d9-4000-83e5-3a2938f84
c4b, MS-CV=niJsrNmAAECD5TopOPhMSw.0, Strict-Transport-Security=max-age=31536000, X-FRAME-OPTIONS=SAMEORIGIN, SPRequestDuration=187, SPIisLatency=1, MicrosoftSharePointTeamServices=22.214.171.12427, X-Content-Type-Options=nosniff, X-MS-InvokeApp=1; RequireReadOnly
, X-MSEdge-Ref=Ref A: 4A35F4682A1449D1967ECE00FC378207 Ref B: AMSEDGE1019 Ref C: 2017-10-13T07:23:37Z, Content-Length=0, Content-Type=text/plain; charset=utf-8, Date=Fri, 13 Oct 2017 07:23:36 GMT, P3P=CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD T
AI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI", X-Powered-By=ASP.NET'.
The response contains the following text:
Access denied. Before opening files in this location you must first browse to the web site and select the option to login automatically.
Although my credentials are correct, and I can easily log on to the SharePoint Online Admin page with these credentials, they are not accepted by the cmdlet. A similar problem is listed in the Github Issue List for the PNP Framework:
In this case, the solution was to replace the CSOM libraries included in the PNP framework with the most current ones provided by Nuget. I have not tested this approach.
Another solution I’ve found is to set the parameter LegacyAuthProtocolsEnabled to $True in the SharePoint Online Tenant, but that didn’t work for me:
In my case, I used the -UseWebLogin: $true parameter to log on to the Connect-PNPOnline cmdlet. The cmdlet call then looks like this:
Connect-PnPOnline -Url $Url -UseWebLogin: $true
This causes the cmdlet to start a window with Internet Explorer and loads the SharePoint Online login page, asks for my data, and then logs me on. That worked for me.