
ASP.NET VB.NET - How to setup Single Sign On SSO using IIS7 Active Directory
VB.NET - Troubleshooting IIS7 Active Directory Group Members Issue w/ Error Log Text File
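Background: I have an application that loads marketing companies into a drop-down list if the currently logged-in user is a member of that marketing group in Active Directory. The ACOMP_USER_BIG group is compared against the MarketingCompanyShortName Big from a database record via a web service.
Problem: I have 3 newly added AD groups that won't load in production but load just fine in the drop-down list on my local development server. The deployment guys have already tried doing an IISReset, and that did not fix the problem. All the AD groups have read-only access and no write access. We need to find out more information as to why the marketing company AD groups aren't loading.
How do I get the groups to load properly, or prove that the issue isn't a programming issue but a deployment or AD issue?
Here is the VB.NET code-behind that populates the marketing company drop-down list.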
    Private Sub GetMarketingCompanies()
        Try
            Dim marketingCompanyNamesArray As Array
            marketingCompanyNamesArray = proxy.GetMarketingCompanyNames("test", "test")
            ' code to populate marketing company drop down list based on the current logged in users active directory group that
            ' corresponds to which marketing company they are in
            Dim identityReferenceCollection As IdentityReferenceCollection
            Dim identityReference As IdentityReference
            identityReferenceCollection = WindowsIdentity.GetCurrent().Groups
            Dim strGroupName As String
            Dim mcisloaded As Boolean
            ' Translate the current user's active directory groups
            For Each identityReference In identityReferenceCollection
                Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
                ' MsgBox(mktGroup.Value)
                ' Debug.WriteLine(mktGroup.Value)
                strGroupName = mktGroup.Value.ToString
                ' Locally User group is ALG\ACOMP_USER_ADMIN , deployed ALGWEB\ACOMP_USER_ADMIN
                ' If the user is in the admin group, load all marketing companies
                If mktGroup.Value = "ALG\ACOMP_USER_ADMIN" Then
                    mcisloaded = True
                    For Each item In marketingCompanyNamesArray
                        marketingCo.Items.Add(String.Format("{0} | {1}", item.MarketingCompanyShort, item.MarketingCompanyName))
                    Next
                Else
                    'If not admin user (mcisloaded = False) load each group individually if it appears in AD
                    ' For Each UserGroup In WindowsIdentity.GetCurrent().Groups that begins with ALG\ACOMP_USER, load marketing companies
                    Dim MarketingCompanyShortName As String = ""
                    Dim mktGroupName As String = mktGroup.Value
                    If mktGroupName.StartsWith("ALG\ACOMP_USER") Then
                        Dim marketingGroupNameParts() As String = Split(mktGroupName, "_")
                        'Load MarketingCompanyShortName from the end of marketingGroupNameParts - example: ACOMP_USER_BIG
                        MarketingCompanyShortName = marketingGroupNameParts(2)
                        'If MarketingCompanyShortName exists, load it into the dropdownlist
                        Dim Company = marketingCompanyNamesArray.Cast(Of MarketingCompany).Where(Function(ac) ac.MarketingCompanyShort = MarketingCompanyShortName).FirstOrDefault
                        If Company IsNot Nothing Then
                            marketingCo.Items.Add(String.Format("{0} | {1}", Company.MarketingCompanyShort, Company.MarketingCompanyName))
                        End If
                    End If
                End If
            Next
            'END LOOP TO CHECK USER GROUPS
        Catch ex As Exception
            WriteToEventLog(ex.Message, "GetMarketingCompanies-Method", EventLogEntryType.Error, "aComp-utility")
        End Try
    End Sub
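I ended up writing a web page that users who were having problems with their Active Directory setup could open, and which lists all of the Active Directory groups that the current user is in.
Here is the code to look at:
See below for the code-behind, credentials.aspx.vb: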
    Imports System.Text
    Imports ACOMP_Invitation_Web_App.aComp_ServiceReference
    Imports System.Security.Principal
    Imports System.Net.Security
    Imports System.Web.UI.WebControls

    Public Class verifycredentials
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            Dim identityReferenceCollection As IdentityReferenceCollection
            Dim identityReference As IdentityReference
            identityReferenceCollection = WindowsIdentity.GetCurrent().Groups
            Dim strGroupName As String
            ' First pass: list only the groups that match the expected marketing prefixes
            For Each identityReference In identityReferenceCollection
                Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
                ' MsgBox(mktGroup.Value)
                ' Debug.WriteLine(mktGroup.Value)
                strGroupName = mktGroup.Value.ToString
                Dim MarketingCompanyShortName As String = ""
                Dim mktGroupName As String = mktGroup.Value
                If mktGroupName.StartsWith("ALG\ACOMP_USER") Then
                    Credentials.Text = Credentials.Text + mktGroup.Value + "<br>"
                End If
                If mktGroupName.StartsWith("ALGWEB\ACOMP_USER") Then
                    Credentials.Text = Credentials.Text + mktGroup.Value + "<br>"
                End If
                If mktGroupName.StartsWith("ALG\ACOMP_user") Then
                    Credentials.Text = Credentials.Text + mktGroup.Value + "<br>"
                End If
            Next
            ' Second pass: list every group the current identity belongs to
            For Each identityReference In identityReferenceCollection
                Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
                ' MsgBox(mktGroup.Value)
                ' Debug.WriteLine(mktGroup.Value)
                strGroupName = mktGroup.Value.ToString
                Dim MarketingCompanyShortName As String = ""
                Dim mktGroupName As String = mktGroup.Value
                AllCredentials.Text = AllCredentials.Text + mktGroup.Value + "<br>"
            Next
        End Sub
    End Class
See the credentials.aspx code here:
    <%@ Page Language="vb" AutoEventWireup="false" CodeBehind="credentials.aspx.vb" Inherits="ACOMP_Invitation_Web_App.verifycredentials" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head id="Head1" runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <br />
            Current Logged in User's AD Credentials for Groups beginning with
            ALG\ACOMP_USER OR ALGWEB\ACOMP_USER:<br /><br />
            <asp:Label ID="Credentials" runat="server"></asp:Label>
            <br />
            <br />
            Current Logged in User's AD Credentials for ALL Groups:<br /><br />
            <asp:Label ID="AllCredentials" runat="server"></asp:Label>
            <br />
            <br />
        </div>
        </form>
    </body>
    </html>
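After having users load this web application, I was able to see what the users saw on their end, and determined that the users who access the site remotely did not have their Active Directory groups loaded into IE under ALG\ACOMP_USER_COMPANY but only under ALGWEB\ACOMP_USER_COMPANY, which is why some users were having problems.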
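
The finding above means a hardcoded `ALG\` prefix silently drops users whose groups resolve under `ALGWEB\`. The following is an added example, not the poster's code: it splits each account name into domain and group, accepts only an allow-list of domains, and skips SIDs that cannot be translated. The module name, function names, the allow-list and the sample account names are assumptions made for illustration.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Public Module MarketingGroupResolver
    ' Domains whose ACOMP_USER_* groups are honoured. ALG and ALGWEB are the two
    ' prefixes reported on the page; treating them as an allow-list is an assumption.
    Private ReadOnly TrustedDomains As New HashSet(Of String)(
        New String() {"ALG", "ALGWEB"}, StringComparer.OrdinalIgnoreCase)
    Private Const GroupPrefix As String = "ACOMP_USER_"

    ' Translate SIDs to DOMAIN\name. One unresolvable SID is skipped instead of
    ' throwing out of the loop and leaving the drop-down list empty.
    Public Function TranslateGroups(groups As IdentityReferenceCollection) As List(Of String)
        Dim names As New List(Of String)
        For Each sid As IdentityReference In groups
            Try
                names.Add(sid.Translate(GetType(NTAccount)).Value)
            Catch ex As IdentityNotMappedException
                ' Orphaned or unreachable SID: ignore it.
            End Try
        Next
        Return names
    End Function

    ' Returns the suffixes after ACOMP_USER_ (e.g. "BIG", "ADMIN") for groups in a
    ' trusted domain. A same-named group from any other domain or machine is ignored.
    Public Function CompanyShortNames(accountNames As IEnumerable(Of String)) As HashSet(Of String)
        Dim result As New HashSet(Of String)(StringComparer.OrdinalIgnoreCase)
        For Each account As String In accountNames
            Dim slash As Integer = account.IndexOf("\"c)
            If slash <= 0 Then Continue For   ' no domain part, e.g. "Everyone"
            Dim domain As String = account.Substring(0, slash)
            Dim groupName As String = account.Substring(slash + 1)
            If Not TrustedDomains.Contains(domain) Then Continue For
            If Not groupName.StartsWith(GroupPrefix, StringComparison.OrdinalIgnoreCase) Then Continue For
            Dim shortName As String = groupName.Substring(GroupPrefix.Length)
            If shortName.Length > 0 Then result.Add(shortName.ToUpperInvariant())
        Next
        Return result
    End Function

    Public Sub Main()
        ' Constructed sample input, not output captured from the poster's servers.
        Dim sample As String() = {"ALGWEB\ACOMP_USER_BIG", "ALG\acomp_user_admin",
                                  "WEB01\ACOMP_USER_ADMIN", "Everyone", "ALG\Domain Users"}
        Console.WriteLine(String.Join(",", CompanyShortNames(sample)))
    End Sub
End Module
```

Keeping the domain allow-list rather than discarding the domain part entirely matters because a group named `ACOMP_USER_ADMIN` can exist on a member server or in another trusted domain, and it should not be treated as the application's admin group.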