VB.NET - 使用错误日志文本文件解决 IIS7 Active Directory 组成员问题
背景:我有一个应用程序,如果当前登录的用户是活动目录中该营销组的成员,则该应用程序会将营销公司加载到下拉列表中。通过 Web 服务将组 ACOMP_USER_BIG 与数据库记录中的 MarketingCompanyShortName Big 进行比较。
问题:我有 3 个新添加的 AD 组,它们无法在生产环境中加载,但可以在本地开发服务器的下拉列表中正常加载。部署人员已经尝试执行 IISReset,但这并没有解决问题。所有 AD 组都只有读取权限,没有写入权限。我们需要找出有关营销公司 AD 组未加载的原因的更多信息。
如何让组正确加载或证明问题不是编程问题、部署或 AD 问题?
这里是填充营销公司下拉列表的 VB.NET 代码。
Private Sub GetMarketingCompanies()
Try
Dim marketingCompanyNamesArray As Array
marketingCompanyNamesArray = proxy.GetMarketingCompanyNames("test", "test")
' code to populate marketing company drop down list based on the current logged in users active directory group that
' corresponds to which marketing company they are in
Dim identityReferenceCollection As IdentityReferenceCollection
Dim identityReference As IdentityReference
identityReferenceCollection = WindowsIdentity.GetCurrent().Groups
Dim strGroupName As String
Dim mcisloaded As Boolean
' Translate the current user's active directory groups
For Each identityReference In identityReferenceCollection
Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
' MsgBox(mktGroup.Value)
' Debug.WriteLine(mktGroup.Value)
strGroupName = mktGroup.Value.ToString
' Locally User group is ALG\ACOMP_USER_ADMIN , deployed ALGWEB\ACOMP_USER_ADMIN
' If the user is in the admin group, load all marketing companies
If mktGroup.Value = "ALG\ACOMP_USER_ADMIN" Then
mcisloaded = True
For Each item In marketingCompanyNamesArray
marketingCo.Items.Add(String.Format("{0} | {1}", item.MarketingCompanyShort, item.MarketingCompanyName))
Next
Else
'If not admin user (mcisloaded = False) load each group individually if it appears in AD
' For Each UserGroup In WindowsIdentity.GetCurrent().Groups that begins with ALG\ACOMP_USER, load marketing companies
Dim MarketingCompanyShortName As String = ""
Dim mktGroupName As String = mktGroup.Value
If mktGroupName.StartsWith("ALG\ACOMP_USER") Then
Dim marketingGroupNameParts() As String = Split(mktGroupName, "_")
'Load MarketingCompanyShortName from the end of marketingGroupNameParts - example: ACOMP_USER_BIG
MarketingCompanyShortName = marketingGroupNameParts(2)
'If MarketingCompanyShortName exists, load it into the dropdownlist
Dim Company = marketingCompanyNamesArray.Cast(Of MarketingCompany).Where(Function(ac) ac.MarketingCompanyShort = MarketingCompanyShortName).FirstOrDefault
If Company IsNot Nothing Then
marketingCo.Items.Add(String.Format("{0} | {1}", Company.MarketingCompanyShort, Company.MarketingCompanyName))
End If
End If
End If
Next
'END LOOP TO CHECK USER GROUPS
Catch ex As Exception
WriteToEventLog(ex.Message, "GetMarketingCompanies-Method", EventLogEntryType.Error, "aComp-utility")
End Try
End Sub
Background: I have an application that loads marketing companies into a drop down list if the currently logged in user is a member of that marketing group in active directory. The Group ACOMP_USER_BIG is compared to MarketingCompanyShortName Big in the database records via a web service.
Problem: I have 3 Newly added AD Groups that won't load in production but load fine in the drop down on my local dev server. The deployment guy already tried doing an IISReset and that didnt fix the issue. All the AD groups have read access only and no write access. We need to find out more information on why the marketing company AD groups are not loading.
How do I get the groups to load correctly or prove that the problem is not a programming issue and a deployment or AD issue?
H*ere's the VB.NET Code behind that populates the marketing company drop down list.
Private Sub GetMarketingCompanies()
Try
Dim marketingCompanyNamesArray As Array
marketingCompanyNamesArray = proxy.GetMarketingCompanyNames("test", "test")
' code to populate marketing company drop down list based on the current logged in users active directory group that
' corresponds to which marketing company they are in
Dim identityReferenceCollection As IdentityReferenceCollection
Dim identityReference As IdentityReference
identityReferenceCollection = WindowsIdentity.GetCurrent().Groups
Dim strGroupName As String
Dim mcisloaded As Boolean
' Translate the current user's active directory groups
For Each identityReference In identityReferenceCollection
Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
' MsgBox(mktGroup.Value)
' Debug.WriteLine(mktGroup.Value)
strGroupName = mktGroup.Value.ToString
' Locally User group is ALG\ACOMP_USER_ADMIN , deployed ALGWEB\ACOMP_USER_ADMIN
' If the user is in the admin group, load all marketing companies
If mktGroup.Value = "ALG\ACOMP_USER_ADMIN" Then
mcisloaded = True
For Each item In marketingCompanyNamesArray
marketingCo.Items.Add(String.Format("{0} | {1}", item.MarketingCompanyShort, item.MarketingCompanyName))
Next
Else
'If not admin user (mcisloaded = False) load each group individually if it appears in AD
' For Each UserGroup In WindowsIdentity.GetCurrent().Groups that begins with ALG\ACOMP_USER, load marketing companies
Dim MarketingCompanyShortName As String = ""
Dim mktGroupName As String = mktGroup.Value
If mktGroupName.StartsWith("ALG\ACOMP_USER") Then
Dim marketingGroupNameParts() As String = Split(mktGroupName, "_")
'Load MarketingCompanyShortName from the end of marketingGroupNameParts - example: ACOMP_USER_BIG
MarketingCompanyShortName = marketingGroupNameParts(2)
'If MarketingCompanyShortName exists, load it into the dropdownlist
Dim Company = marketingCompanyNamesArray.Cast(Of MarketingCompany).Where(Function(ac) ac.MarketingCompanyShort = MarketingCompanyShortName).FirstOrDefault
If Company IsNot Nothing Then
marketingCo.Items.Add(String.Format("{0} | {1}", Company.MarketingCompanyShort, Company.MarketingCompanyName))
End If
End If
End If
Next
'END LOOP TO CHECK USER GROUPS
Catch ex As Exception
WriteToEventLog(ex.Message, "GetMarketingCompanies-Method", EventLogEntryType.Error, "aComp-utility")
End Try
End Sub
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我最终编写了一个网页,用户的活动目录设置出现问题时可以打开该网页,其中列出了当前用户所在的所有活动目录组。
以下是要查看的代码:
请参阅此处的凭据.aspx.vb 代码隐藏:
请参阅此处的凭据.aspx 代码:
让用户加载在此 Web 应用程序中,我能够看到用户在终端上看到的内容,并确定远程访问该站点的用户不会在 IE 中的 ALG\ACOMP_USER_COMPANY 下加载其活动目录组,而仅在 ALGWEB\ACOMP_USER_COMPANY 下加载,这就是为什么某些用户问题。
I ended up Writing a webpage that that users having issues with their active directory settings can bring up that lists all active directory groups that a current user is in.
Here is the code to see:
see credentials.aspx.vb code-behind here:
see credentials.aspx code here:
Having users load this web application I was able to see what the user was seeing on their end and determined that users accessing the site remotely don't load their active directory group in IE under ALG\ACOMP_USER_COMPANY but only ALGWEB\ACOMP_USER_COMPANY and that's why some users were having problems.