FIX: Winhttp.dll Causes a Memory Leak When Windows Integrated Authentication Fails
When you try to consume a Web service from a client that uses Microsoft SOAP 3.0, you may notice a memory leak.
Note You notice this behavior when you set the authentication scheme for your SOAP client object to Windows Integrated authentication by using the following code:
Note "objSoapClient" is the name of a SOAP client object.
objSoapClient.ConnectorProperty("WinHTTPAuthScheme") = 2
The SOAP client object uses the Winhttp.dll component. If Windows Integrated authentication fails, a memory leak occurs in the Winhttp.dll component, and you notice the behavior that is mentioned in the "Symptoms" section.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. The English version of this has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Microsoft Windows 2000 Operating Systems
Date Time Version Size File name -------------------------------------------------------------- 27-Aug-2003 05:22 5.1.2600.1264 310,784 Winhttp.dll
Microsoft Windows XP Operating Systems
Date Time Version Size File name -------------------------------------------------------------- 21-Aug-2003 05:46 5.1.2600.1264 945,152 Winhttp.dll
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.
Steps to Reproduce the Behavior
- Start Microsoft Visual Studio .NET.
- On the File menu, point to New, and then click Project.
- Click Visual Basic Projects or Visual C# Projects under Project Types, and then click ASP.NET Web Service under Templates.
- Name the project SampleWebService.
- In the Service1.asmx file, uncomment the HelloWorld Web service method.
- On the Build menu, click Build Solution.
- Click Start, and then click Run.
- Type inetmgr in the Open box, and then click OK.
- In the Internet Information Services window, expand Default Web Site.
- Right-click SampleWebService, and then click Properties.
- In the SampleWebService Properties dialog box, click the Directory Security tab.
- Under Anonymous access and authentication control, click Edit.
- In the Authentication Methods dialog box, click to select the Integrated Windows authentication check box.
Note Make sure that all the other check boxes in the Authentication Methods dialog box are cleared.
- Click OK two times to close the SampleWebService Properties dialog box.
- Close the Internet Information Services window.
- Start Microsoft Visual Basic 6.0.
- Create a Standard EXE project. By default, Form1 is created.
- Add a CommandButton control and a ProgressBar control to Form1. If the toolbox does not contain the ProgressBar control, follow these steps:
- On the Project menu, click Components.
- Click to select Microsoft Windows Common Controls 6.0.
Note If the Controls tab of the Components dialog box does not contain Microsoft Windows Common Controls 6.0, click Browse, click MSCOMCTL.OCX, and then click Open.
- Click OK to close the Components dialog box.
- In the click event of the Command1 control, paste the following code:
Dim objSoapClient As ObjectDim wsdl As StringDim MySoapResponse As StringDim i As Long' The wsdl variable contains the physical path of the wsdl in the client.wsdl = "C:\SoapClient\SoapTestSrv.wsdl"Set objSoapClient = CreateObject("Mssoap.SoapClient30")objSoapClient.MSSoapInit wsdl' The value of AuthUser/AuthPassword must be incorrect for a memory leak to occur.objSoapClient.ConnectorProperty("AuthUser") = "TestUserid"objSoapClient.ConnectorProperty("AuthPassword") = "TestPassword"objSoapClient.ConnectorProperty("WinHTTPAuthScheme") = 2' Replace ServerName with the name of the server where the Web service Service1.asmx is hosted.objSoapClient.ConnectorProperty("EndPointURL") = "http://ServerName/SampleWebService/Service1.asmx"For i = 1 To 500000 On Error Resume Next On Error GoTo Error MySoapResponse = objSoapClient.HelloWorld 'If you run this code, you will notice a memory leak. If (i Mod 500000) = 0 Then ProgressBar1.Value = ProgressBar1.Value + 1 End IfError: MsgBox (Err.Description)NextSet objSoapClient = Nothing
- On the Run menu, click Start. Form1 is displayed.
- On Form1, click Command1.
For more information about authentication in WinHTTP, visit the following Microsoft Developer Network (MSDN) Web site:
305965 HOW TO: Consume XML Web Service Methods by Using SOAP Toolkit 2.0
Article ID: 826216 - Last Review: 06/20/2014 08:18:00 - Revision: 2.0
- kbautohotfix kbhotfixserver kbqfe kbwebservices kbbug kbfix KB826216