System.DirectoryServices.AccountManagment 中的 FindByIdentity 内存问题
我正在开发一个活动目录管理应用程序。除了典型的创建新用户、启用/禁用帐户、重置密码等功能之外,它还管理所有客户端 Web 应用程序的应用程序权限。应用程序管理由数千个 AD 组处理,例如由应用程序、部分和站点的 3 个字母代码构建的 AD 组,还有数百个 AD 组确定协调员可以向哪些应用程序和位置授予权限。所有这些组又属于其他组,因此我通常使用 MemberOf 属性过滤组列表,以查找用户直接所属的组(或每个人都有权执行所有操作)。我在整个应用程序的 31 个位置使用 FindByIdentity 方法广泛使用了 System.DirectoryServices.AccountManagment 命名空间。此方法调用内部 ADStoreCtx 类上的私有方法 FindPrincipalByIdentRefHelper。 SearchResultCollection 已创建但未释放,因此最终通常每天会出现一次或两次 Web 服务器耗尽内存,并且 Web 服务器上的所有应用程序都会停止响应,直到重置 iis,因为 com 对象使用的资源不会被释放。
在某些地方我会退回到底层目录对象,但在很多地方我会使用主体上的属性 - 与在 .Net 2.0 目录服务代码中使用深奥的广告属性名称相比,这是一个巨大的改进。
我已经就这个问题联系了微软,它已经在 .Net 4.0 中得到修复,但他们目前没有计划在 3.5 中修复它,除非社区对此感兴趣。
我只在社区内容状态的 MDSN 文档的几个地方找到了有关它的信息,
底部存在内存泄漏(我想我应该在使用该方法之前阅读该内容)
http://msdn.microsoft.com/en-us/library/bb345628.aspx
以及有问题的课程是内部的,不会在有问题的方法之外公开 SearchResultsCollection,因此我无法获取结果来处理它们或从类继承并重写该方法。
所以我的问题是
还有其他人遇到过这个问题吗?如果是这样,你能解决这个问题吗?
除了不使用任何 .Net 3.5 活动目录代码重写应用程序之外,我还有其他选择吗?
谢谢
I'm working on an active directory managament application. In addition to the typical Create A New User, Enable/Disable an account, reset my password etc. it also managages application permissions for all of the clients web applications. Application management is handled by thousands of AD groups such as which are built from 3 letter codes for the application, section and site, there are also hundreds of AD groups which determine which applications and locations a coordinator can grant rights to. All of these groups in turn belong to other groups so I typically filter the groups list with the MemberOf property to find the groups that a user directly belongs to (or everyone has rights to do everything). I've made extensive use of the System.DirectoryServices.AccountManagment namespace using the FindByIdentity method in 31 places throughout the application. This method calls a private method FindPrincipalByIdentRefHelper on the internal ADStoreCtx class. A SearchResultCollection is created but not disposed so eventually typically once or twice a day the web server runs out of memory and all of the applications on the web server stop responsing until iis is reset because the resources used by the com objects aren't ever relased.
There are places where I fall back to the underlying directory objects, but there are lot of places where I'm using the properties on the Principal - it's a vast improvement over using the esoteric ad property names in the .Net 2.0 Directory services code.
I've contacted microsoft about the problem and it's been fixed in .Net 4.0 but they don't currently have plans to fix it in 3.5 unless there is intrest in the community about it.
I only found information about it in a couple of places
the MDSN documentation in the community content state's there is a memory leak at the bottom (guess I should have read that before using the the method)
http://msdn.microsoft.com/en-us/library/bb345628.aspx
And the class in question is internal and doesn't expose SearchResultsCollection outside the offending method so I can't get at the results to dispose them or inherit from the class and override the method.
So my questions are
Has anyone else encountered this problem? If so were you able to work around it?
Do I have any option besides rewriting the application not using any of the .Net 3.5 active directory code?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我遇到了同样的错误,不,除了使用 DirectoryEntry 方法之外,我没有其他解决方法。
I have encountered the same error, and no, I don't have a workaround other than using the DirectoryEntry approach.
将对 Directorysearcher 的调用包装在 using 块内,并将 resultcollection 包装在 using 块内,并对结果显式调用 .Dispose() 。请参阅此处的答案:
使用PrincipalSearcher.FindAll()时出现内存泄漏
Wrap your calls to directorysearcher inside a using block and also wrap the resultcollection inside a using block and call .Dispose() on the results explicitly. See answer here:
Memory Leak when using PrincipalSearcher.FindAll()