VB.NET - 使用错误日志文本文件解决 IIS7 Active Directory 组成员问题
背景:我有一个应用程序,如果当前登录的用户是活动目录中该营销组的成员,则该应用程序会将营销公司加载到下拉列表中。通过 Web 服务将组 ACOMP_USER_BIG 与数据库记录中的 MarketingCompanyShortName Big 进行比较。
问题:我有 3 个新添加的 AD 组,它们无法在生产环境中加载,但可以在本地开发服务器的下拉列表中正常加载。部署人员已经尝试执行 IISReset,但这并没有解决问题。所有 AD 组都只有读取权限,没有写入权限。我们需要找出有关营销公司 AD 组未加载的原因的更多信息。
如何让组正确加载或证明问题不是编程问题、部署或 AD 问题?
这里是填充营销公司下拉列表的 VB.NET 代码。
Private Sub GetMarketingCompanies()
Try
Dim marketingCompanyNamesArray As Array
marketingCompanyNamesArray = proxy.GetMarketingCompanyNames("test", "test")
' code to populate marketing company drop down list based on the current logged in users active directory group that
' corresponds to which marketing company they are in
Dim identityReferenceCollection As IdentityReferenceCollection
Dim identityReference As IdentityReference
identityReferenceCollection = WindowsIdentity.GetCurrent().Groups
Dim strGroupName As String
Dim mcisloaded As Boolean
' Translate the current user's active directory groups
For Each identityReference In identityReferenceCollection
Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
' MsgBox(mktGroup.Value)
' Debug.WriteLine(mktGroup.Value)
strGroupName = mktGroup.Value.ToString
' Locally User group is ALG\ACOMP_USER_ADMIN , deployed ALGWEB\ACOMP_USER_ADMIN
' If the user is in the admin group, load all marketing companies
If mktGroup.Value = "ALG\ACOMP_USER_ADMIN" Then
mcisloaded = True
For Each item In marketingCompanyNamesArray
marketingCo.Items.Add(String.Format("{0} | {1}", item.MarketingCompanyShort, item.MarketingCompanyName))
Next
Else
'If not admin user (mcisloaded = False) load each group individually if it appears in AD
' For Each UserGroup In WindowsIdentity.GetCurrent().Groups that begins with ALG\ACOMP_USER, load marketing companies
Dim MarketingCompanyShortName As String = ""
Dim mktGroupName As String = mktGroup.Value
If mktGroupName.StartsWith("ALG\ACOMP_USER") Then
Dim marketingGroupNameParts() As String = Split(mktGroupName, "_")
'Load MarketingCompanyShortName from the end of marketingGroupNameParts - example: ACOMP_USER_BIG
MarketingCompanyShortName = marketingGroupNameParts(2)
'If MarketingCompanyShortName exists, load it into the dropdownlist
Dim Company = marketingCompanyNamesArray.Cast(Of MarketingCompany).Where(Function(ac) ac.MarketingCompanyShort = MarketingCompanyShortName).FirstOrDefault
If Company IsNot Nothing Then
marketingCo.Items.Add(String.Format("{0} | {1}", Company.MarketingCompanyShort, Company.MarketingCompanyName))
End If
End If
End If
Next
'END LOOP TO CHECK USER GROUPS
Catch ex As Exception
WriteToEventLog(ex.Message, "GetMarketingCompanies-Method", EventLogEntryType.Error, "aComp-utility")
End Try
End Sub
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我最终编写了一个网页,用户的活动目录设置出现问题时可以打开该网页,其中列出了当前用户所在的所有活动目录组。
以下是要查看的代码:
请参阅此处的凭据.aspx.vb 代码隐藏:
请参阅此处的凭据.aspx 代码:
让用户加载在此 Web 应用程序中,我能够看到用户在终端上看到的内容,并确定远程访问该站点的用户不会在 IE 中的 ALG\ACOMP_USER_COMPANY 下加载其活动目录组,而仅在 ALGWEB\ACOMP_USER_COMPANY 下加载,这就是为什么某些用户问题。
I ended up Writing a webpage that that users having issues with their active directory settings can bring up that lists all active directory groups that a current user is in.
Here is the code to see:
see credentials.aspx.vb code-behind here:
see credentials.aspx code here:
Having users load this web application I was able to see what the user was seeing on their end and determined that users accessing the site remotely don't load their active directory group in IE under ALG\ACOMP_USER_COMPANY but only ALGWEB\ACOMP_USER_COMPANY and that's why some users were having problems.