FIX: Winhttp.dll Causes a Memory Leak When Windows Integrated Authentication Fails

Article translations Article translations
Article ID: 826216
Expand all | Collapse all

On This Page

Symptoms

When you try to consume a Web service from a client that uses Microsoft SOAP 3.0, you may notice a memory leak.

Note You notice this behavior when you set the authentication scheme for your SOAP client object to Windows Integrated authentication by using the following code:
objSoapClient.ConnectorProperty("WinHTTPAuthScheme") = 2
Note "objSoapClient" is the name of a SOAP client object.

Cause

The SOAP client object uses the Winhttp.dll component. If Windows Integrated authentication fails, a memory leak occurs in the Winhttp.dll component, and you notice the behavior that is mentioned in the "Symptoms" section.

Resolution

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. The English version of this has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Microsoft Windows 2000 Operating Systems

 

    Date         Time   Version            Size    File name
   --------------------------------------------------------------
   27-Aug-2003  05:22  5.1.2600.1264     310,784  Winhttp.dll      
  
 
				

Microsoft Windows XP Operating Systems

 

      Date         Time   Version            Size    File name
   --------------------------------------------------------------
   21-Aug-2003  05:46  5.1.2600.1264     945,152  Winhttp.dll      
  
  
 
				

Status

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

More information

Steps to Reproduce the Behavior

  1. Start Microsoft Visual Studio .NET.
  2. On the File menu, point to New, and then click Project.
  3. Click Visual Basic Projects or Visual C# Projects under Project Types, and then click ASP.NET Web Service under Templates.
  4. Name the project SampleWebService.
  5. In the Service1.asmx file, uncomment the HelloWorld Web service method.
  6. On the Build menu, click Build Solution.
  7. Click Start, and then click Run.
  8. Type inetmgr in the Open box, and then click OK.
  9. In the Internet Information Services window, expand Default Web Site.
  10. Right-click SampleWebService, and then click Properties.
  11. In the SampleWebService Properties dialog box, click the Directory Security tab.
  12. Under Anonymous access and authentication control, click Edit.
  13. In the Authentication Methods dialog box, click to select the Integrated Windows authentication check box.

    Note Make sure that all the other check boxes in the Authentication Methods dialog box are cleared.
  14. Click OK two times to close the SampleWebService Properties dialog box.
  15. Close the Internet Information Services window.
  16. Start Microsoft Visual Basic 6.0.
  17. Create a Standard EXE project. By default, Form1 is created.
  18. Add a CommandButton control and a ProgressBar control to Form1. If the toolbox does not contain the ProgressBar control, follow these steps:
    1. On the Project menu, click Components.
    2. Click to select Microsoft Windows Common Controls 6.0.

      Note If the Controls tab of the Components dialog box does not contain Microsoft Windows Common Controls 6.0, click Browse, click MSCOMCTL.OCX, and then click Open.
    3. Click OK to close the Components dialog box.
  19. In the click event of the Command1 control, paste the following code:
    Dim objSoapClient As Object
    Dim wsdl As String
    Dim MySoapResponse As String
    Dim i As Long
    
    ' The wsdl variable contains the physical path of the wsdl in the client.
    wsdl = "C:\SoapClient\SoapTestSrv.wsdl"
    Set objSoapClient = CreateObject("Mssoap.SoapClient30")
    objSoapClient.MSSoapInit wsdl
    
    ' The value of AuthUser/AuthPassword must be incorrect for a memory leak to occur.
    objSoapClient.ConnectorProperty("AuthUser") = "TestUserid"
    objSoapClient.ConnectorProperty("AuthPassword") = "TestPassword"
    objSoapClient.ConnectorProperty("WinHTTPAuthScheme") = 2
    
    ' Replace ServerName with the name of the server where the Web service Service1.asmx is hosted.
    objSoapClient.ConnectorProperty("EndPointURL") = "http://ServerName/SampleWebService/Service1.asmx"
    
    For i = 1 To 500000
        On Error Resume Next
        On Error GoTo Error
        MySoapResponse = objSoapClient.HelloWorld
    
        'If you run this code, you will notice a memory leak.
        If (i Mod 500000) = 0 Then
            ProgressBar1.Value = ProgressBar1.Value + 1
        End If
    
    Error:
        MsgBox (Err.Description)
    Next
    
    Set objSoapClient = Nothing
  20. On the Run menu, click Start. Form1 is displayed.
  21. On Form1, click Command1.
Note You notice this behavior in any application that uses the Winhttp.dll component and that also uses Windows Integrated authentication.

References

For more information about authentication in WinHTTP, visit the following Microsoft Developer Network (MSDN) Web site:
http://msdn2.microsoft.com/en-us/library/aa383144.aspx
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
305965 HOW TO: Consume XML Web Service Methods by Using SOAP Toolkit 2.0

Properties

Article ID: 826216 - Last Review: June 20, 2014 - Revision: 2.0
Keywords: 
kbautohotfix kbhotfixserver kbqfe kbwebservices kbbug kbfix KB826216

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com