0

背景:如果当前登录的用户是活动目录中该营销组的成员,我有一个应用程序将营销公司加载到下拉列表中。Group ACOMP_USER_BIG 通过 Web 服务与数据库记录中的 MarketingCompanyShortName Big 进行比较。

问题:我有 3 个新添加的 AD 组,它们不会在生产中加载,但在我的本地开发服务器上的下拉列表中可以正常加载。部署人员已经尝试过执行 IISReset 并没有解决问题。所有 AD 组都只有读取权限,没有写入权限。我们需要了解有关营销公司广告组未加载的原因的更多信息。

如何让组正确加载或证明问题不是编程问题和部署或 AD 问题?

这是填充营销公司下拉列表的 VB.NET 代码。

Private Sub GetMarketingCompanies()
    Try
        Dim marketingCompanyNamesArray As Array
        marketingCompanyNamesArray = proxy.GetMarketingCompanyNames("test", "test")

        ' code to populate marketing company drop down list based on the current logged in users active directory group that 
        ' corresponds to which marketing company they are in 

        Dim identityReferenceCollection As IdentityReferenceCollection
        Dim identityReference As IdentityReference
        identityReferenceCollection = WindowsIdentity.GetCurrent().Groups
        Dim strGroupName As String
        Dim mcisloaded As Boolean

        ' Translate the current user's active directory groups 
        For Each identityReference In identityReferenceCollection
            Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
            ' MsgBox(mktGroup.Value)
            ' Debug.WriteLine(mktGroup.Value) 
            strGroupName = mktGroup.Value.ToString

            ' Locally User group is ALG\ACOMP_USER_ADMIN , deployed ALGWEB\ACOMP_USER_ADMIN
            ' If the user is in the admin group, load all marketing companies   
            If mktGroup.Value = "ALG\ACOMP_USER_ADMIN" Then
                mcisloaded = True
                For Each item In marketingCompanyNamesArray
                    marketingCo.Items.Add(String.Format("{0} | {1}", item.MarketingCompanyShort, item.MarketingCompanyName))
                Next

            Else
                'If not admin user (mcisloaded = False) load each group individually if it appears in AD 
                ' For Each UserGroup In WindowsIdentity.GetCurrent().Groups that begins with ALG\ACOMP_USER, load marketing companies 

                Dim MarketingCompanyShortName As String = ""
                Dim mktGroupName As String = mktGroup.Value
                If mktGroupName.StartsWith("ALG\ACOMP_USER") Then
                    Dim marketingGroupNameParts() As String = Split(mktGroupName, "_")
                    'Load MarketingCompanyShortName from the end of marketingGroupNameParts - example: ACOMP_USER_BIG
                    MarketingCompanyShortName = marketingGroupNameParts(2)

                    'If MarketingCompanyShortName exists, load it into the dropdownlist 
                    Dim Company = marketingCompanyNamesArray.Cast(Of MarketingCompany).Where(Function(ac) ac.MarketingCompanyShort = MarketingCompanyShortName).FirstOrDefault
                    If Company IsNot Nothing Then
                        marketingCo.Items.Add(String.Format("{0} | {1}", Company.MarketingCompanyShort, Company.MarketingCompanyName))
                    End If

                End If
            End If

        Next

        'END LOOP TO CHECK USER GROUPS 

    Catch ex As Exception
        WriteToEventLog(ex.Message, "GetMarketingCompanies-Method", EventLogEntryType.Error, "aComp-utility")
    End Try

End Sub
4

1 回答 1

0

我最终编写了一个网页,用户在其 Active Directory 设置方面遇到问题可以打开该网页,其中列出了当前用户所在的所有 Active Directory 组。

这是要查看的代码:

  • 当前登录的用户的 AD 凭据以 ALG\ACOMP_USER 或 ALGWEB\ACOMP_USER 开头的组
  • 当前登录的所有组的用户 AD 凭据

在此处查看 credentials.aspx.vb 代码隐藏:

Imports System.Text
Imports ACOMP_Invitation_Web_App.aComp_ServiceReference
Imports System.Security.Principal
Imports System.Net.Security
Imports System.Web.UI.WebControls


Public Class verifycredentials
Inherits System.Web.UI.Page

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    Dim identityReferenceCollection As IdentityReferenceCollection
    Dim identityReference As IdentityReference
    identityReferenceCollection = WindowsIdentity.GetCurrent().Groups
    Dim strGroupName As String

    For Each identityReference In identityReferenceCollection
        Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
        ' MsgBox(mktGroup.Value)
        ' Debug.WriteLine(mktGroup.Value)
        strGroupName = mktGroup.Value.ToString

        Dim MarketingCompanyShortName As String = ""
        Dim mktGroupName As String = mktGroup.Value

        If mktGroupName.StartsWith("ALG\ACOMP_USER") Then
            Credentials.Text = Credentials.Text + mktGroup.Value + "<br>"
        End If
        If mktGroupName.StartsWith("ALGWEB\ACOMP_USER") Then
            Credentials.Text = Credentials.Text + mktGroup.Value + "<br>"
        End If
        If mktGroupName.StartsWith("ALG\ACOMP_user") Then
            Credentials.Text = Credentials.Text + mktGroup.Value + "<br>"
        End If
    Next
    For Each identityReference In identityReferenceCollection
        Dim mktGroup As IdentityReference = identityReference.Translate(GetType(NTAccount))
        ' MsgBox(mktGroup.Value)
        ' Debug.WriteLine(mktGroup.Value)
        strGroupName = mktGroup.Value.ToString

        Dim MarketingCompanyShortName As String = ""
        Dim mktGroupName As String = mktGroup.Value

        AllCredentials.Text = AllCredentials.Text + mktGroup.Value + "<br>"

    Next

End Sub

在此处查看 credentials.aspx 代码:

    <%@ Page Language="vb" AutoEventWireup="false" CodeBehind="credentials.aspx.vb" Inherits="ACOMP_Invitation_Web_App.verifycredentials" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head id="Head1" runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>

        <br />

    Current Logged in User&#39;s AD Credentials for Groups beginning with 
    ALG\ACOMP_USER OR ALGWEB\ACOMP_USER:<br /><br />

    <asp:Label ID="Credentials" runat="server"></asp:Label>
    <br />
    <br />
    Current Logged in User&#39;s AD Credentials for ALL Groups:<br /><br />

    <asp:Label ID="AllCredentials" runat="server"></asp:Label> 
    <br />
    <br />
        </div>
        </form>
    </body>
    </html>

让用户加载此 Web 应用程序,我能够看到用户最终看到的内容,并确定远程访问该站点的用户不会在 IE 中的 ALG\ACOMP_USER_COMPANY 下加载他们的活动目录组,而只是在 ALGWEB\ACOMP_USER_COMPANY 下加载,这就是为什么有些用户遇到问题。

于 2011-06-22T19:31:30.680 回答