accept empty realm for digest auth (#56369) (#56455)

* accept empty realm for digest auth (#56369)

* accept empty realm for digest auth (#56369)

* accept empty realm for digest auth (#56369)

* accept empty realm for digest auth (#56369)

Co-authored-by: Luca Bompani <luca.bompani@unibo.it>

diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs
index f7ccc31..41718d3 100644 (file)
--- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs
+++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs
@@ -99,6 +99,7 @@ namespace System.Net.Http.Functional.Tests
             {
                 yield return new object[] { "Digest realm=\"testrealm\",nonce=\"6afd170437eb5144258b308f7c491d96\",opaque=\"\",stale=FALSE,algorithm=MD5,qop=\"auth\"", true };
                 yield return new object[] { "Digest realm=\"testrealm\", domain=\"\", nonce=\"NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl\", algorithm=MD5, qop=\"auth\", stale=false", true };
+                yield return new object[] { "Digest realm=\"\", nonce=\"NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl\", algorithm=MD5, qop=\"auth\", stale=false", true };
             }
         }
 

diff --git a/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs b/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs
index bfb2ccb..4f322c8 100644 (file)
--- a/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs
+++ b/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs
@@ -150,7 +150,7 @@ namespace System.Net.Test.Common
                     }
 
                     // Realm is mandatory.
-                    if (string.IsNullOrEmpty(realm))
+                    if (realm == null)
                         return false;
                 }
                 else if (trimmedValue.StartsWith(nameof(cnonce)))

diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs
index c44dac7..234ca13 100644 (file)
--- a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs
+++ b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs
@@ -104,8 +104,7 @@ namespace System.Net.Http
             }
 
             // Add realm
-            if (realm != string.Empty)
-                sb.AppendKeyValue(Realm, realm);
+            sb.AppendKeyValue(Realm, realm);
 
             // Add nonce
             sb.AppendKeyValue(Nonce, nonce);
@@ -407,9 +406,11 @@ namespace System.Net.Http
                         break;
 
                     // Ensure value is valid.
-                    // Opaque and Domain can have empty string
+                    // Opaque, Domain and Realm can have empty string
                     if (value == string.Empty &&
-                       (!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase)))
+                        !key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) &&
+                        !key.Equals(Domain, StringComparison.OrdinalIgnoreCase) &&
+                        !key.Equals(Realm, StringComparison.OrdinalIgnoreCase))
                         break;
 
                     // Add the key-value pair to Parameters.