Closed sathya-bhat closed 4 years ago
Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.
I am experiencing the same issue. I have a 20% success rate in connecting to a SharePoint site. However I am using Connect-PnpOnline -Site $site -credentials $Credentials.
Please try this again with the June 2020 release which will come out next Tuesday on June 9th, 2020. There are some known issues with authentication in the April and May releases which have been fixed in the upcoming release.
Using a combination of an AppId and AppSecret is perfectly supported. For an overview of all supported connect options as of the June 2020 release, have a look at https://github.com/pnp/PnP-PowerShell/wiki/Connect-options. This wiki page will be updated in the future to contain more detailed information on each of the connect options.
Closing this issue for now as I'm pretty sure the June release will address it. If it turns out it doesn't, feel free to reopen.
Thanks!. I think I found the root cause of this issue. I had to grant permissions using AppPermissionRequests XML. Then it worked with AppId and AppSecret. Its described here. I will test June 9th release as well.
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
Notice: many issues / bugs reported are actually related to the PnP Core Library which is used behind the scenes. Consider carefully where to report an issue:
Apply-SPOProvisioningTemplate
orGet-SPOProvisioningTemplate
? The issue is most likely related to the Provisioning Engine. The Provisioning engine is not located in the PowerShell repo. Please report the issue here: https://github.com/officedev/PnP-Sites-Core/issues. NoReporting an Issue or Missing Feature
Please confirm what it is that your reporting The Connect-PnPOnline succeeds against my O365 site with AppId/AppSecret, but any subsequent call using the returned connection results in error '(403) Forbidden'.
The AppId has all the required permissions in Sharepoint. MFA is not enabled on the tenant.
The Same AppID works with Certificate based connection. Its the AppId/AppSecret combination that does not work. Looking at following documentation, it appears that PnP cmdlets using AppId can work only with Certificate (not with AppSecret). Could you please confirm?
https://github.com/pnp/PnP-PowerShell/tree/master/Samples/SharePoint.ConnectUsingAppPermissions
Expected behavior
Please describe what output you expect to see from PnP-PowerShell Cmdlets The returned connection from Connect-PnPOnline cannot be used in any subsequent calls.
Actual behavior
Please describe what you see instead. Please provide samples of HTML output or screenshots The Get-PnPList or any other call using the returned connection fails with '403 Forbidden' error
The PnP trace log shows
PowerShell_ISE.exe Error: 0 : 2020-05-18 13:32:38.6259 [OfficeDevPnP.Core] [0] [Error] ExecuteQuery threw following exception: System.Net.WebException: The remote server returned an error: (403) Forbidden.
Steps to reproduce behavior
Create an AppId/AppSecret combination, grant the App all Sharepoint permissions with admin consent. Run the following simple cmdlet against a O365 Sharepoint site. Connect-PnPOnline should suceed, but the next call Get-PnPList fails with 403 Forbidden.
Please include complete code samples in-line or linked from gists
Import-Module Microsoft.Online.SharePoint.PowerShell -ea Stop Import-Module SharePointPnPPowerShellOnline -ea Stop
$ConnectionOptions =@{ AppId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' AppSecret = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyy' Url = 'https://tenant1.sharepoint.com/sites/mysite'
ErrorAction = 'Stop' Verbose = $True ReturnConnection = $True };
$SPOPnPConnection = Connect-PnPOnline @ConnectionOptions
Write-Host 'Connection succeeded. Now trying an operation on the session.'
Get-PnPList -Connection $SPOPnPConnection -ea Stop -Verbose
Which version of the PnP-PowerShell Cmdlets are you using?
What is the version of the Cmdlet module you are running?
(you can retrieve this by executing
Get-Module -Name *pnppowershell* -ListAvailable
) 3.21.2005.1 Also tried with 3.20.2004.0How did you install the PnP-PowerShell Cmdlets?