FIX: Winhttp.dll Causes a Memory Leak When Windows Integrated Authentication Fails


When you try to consume a Web service from a client that uses Microsoft SOAP 3.0, you may notice a memory leak.

Note You notice this behavior when you set the authentication scheme for your SOAP client object to Windows Integrated authentication by using the following code:
objSoapClient.ConnectorProperty("WinHTTPAuthScheme") = 2
Note "objSoapClient" is the name of a SOAP client object.


The SOAP client object uses the Winhttp.dll component. If Windows Integrated authentication fails, a memory leak occurs in the Winhttp.dll component, and you notice the behavior that is mentioned in the "Symptoms" section.


A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
The English version of this has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Microsoft Windows 2000 Operating Systems

Date Time Version Size File name
27-Aug-2003 05:22 5.1.2600.1264 310,784 Winhttp.dll

Microsoft Windows XP Operating Systems

Date Time Version Size File name
21-Aug-2003 05:46 5.1.2600.1264 945,152 Winhttp.dll


Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

More Information

Steps to Reproduce the Behavior

  1. Start Microsoft Visual Studio .NET.
  2. On the File menu, point to
    New, and then click Project.
  3. Click Visual Basic Projects or
    Visual C# Projects under Project Types, and then click ASP.NET Web Service under
  4. Name the project
  5. In the Service1.asmx file, uncomment the
    HelloWorld Web service method.
  6. On the Build menu, click Build Solution.
  7. Click Start, and then click
  8. Type inetmgr in the
    Open box, and then click OK.
  9. In the Internet Information Serviceswindow, expand Default Web Site.
  10. Right-click SampleWebService, and then click Properties.
  11. In the SampleWebService Properties dialog box, click the Directory Security tab.
  12. Under Anonymous access and authentication control, click Edit.
  13. In the Authentication Methods dialog box, click to select the Integrated Windows authentication check box.

    Note Make sure that all the other check boxes in the
    Authentication Methods dialog box are cleared.
  14. Click OK two times to close the
    SampleWebService Properties dialog box.
  15. Close the Internet Information Serviceswindow.
  16. Start Microsoft Visual Basic 6.0.
  17. Create a Standard EXE project. By default, Form1 is created.
  18. Add a CommandButton control and a
    ProgressBar control to Form1. If the toolbox does not contain the ProgressBar control, follow these steps:
    1. On the Project menu, click
    2. Click to select Microsoft Windows Common Controls 6.0.

      Note If the Controls tab of the
      Components dialog box does not contain Microsoft Windows Common Controls 6.0, click Browse, click
      MSCOMCTL.OCX, and then click Open.
    3. Click OK to close the
      Components dialog box.
  19. In the click event of the Command1 control, paste the following code:
    Dim objSoapClient As Object
    Dim wsdl As String
    Dim MySoapResponse As String
    Dim i As Long

    ' The wsdl variable contains the physical path of the wsdl in the client.
    wsdl = "C:\SoapClient\SoapTestSrv.wsdl"
    Set objSoapClient = CreateObject("Mssoap.SoapClient30")
    objSoapClient.MSSoapInit wsdl

    ' The value of AuthUser/AuthPassword must be incorrect for a memory leak to occur.
    objSoapClient.ConnectorProperty("AuthUser") = "TestUserid"
    objSoapClient.ConnectorProperty("AuthPassword") = "TestPassword"
    objSoapClient.ConnectorProperty("WinHTTPAuthScheme") = 2

    ' Replace ServerName with the name of the server where the Web service Service1.asmx is hosted.
    objSoapClient.ConnectorProperty("EndPointURL") = "http://ServerName/SampleWebService/Service1.asmx"

    For i = 1 To 500000
    On Error Resume Next
    On Error GoTo Error
    MySoapResponse = objSoapClient.HelloWorld

    'If you run this code, you will notice a memory leak.
    If (i Mod 500000) = 0 Then
    ProgressBar1.Value = ProgressBar1.Value + 1
    End If

    MsgBox (Err.Description)

    Set objSoapClient = Nothing
  20. On the Run menu, click
    Start. Form1 is displayed.
  21. On Form1, click Command1.
Note You notice this behavior in any application that uses the Winhttp.dll component and that also uses Windows Integrated authentication.


For more information about authentication in WinHTTP, visit the following Microsoft Developer Network (MSDN) Web site: For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
305965 HOW TO: Consume XML Web Service Methods by Using SOAP Toolkit 2.0


ID článku: 826216 - Poslední kontrola: 20. 6. 2014 - Revize: 1

Váš názor