Digest challenge - domain fails with empty string

[gao-artur]

The issue is similar to #32943 but this time about domain key. For example:

www-authenticate: Digest realm="MMS Public API", domain="", nonce="NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl", algorithm=MD5, qop="auth", stale=false

will fail with error Nonce missing

RFC7616 explicitly says domain can be empty

If this parameter is
omitted or its value is empty, the client SHOULD assume that the
protection space consists of all URIs on the web-origin.

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

---

The issue is similar to #32943 but this time about domain key. For example:

www-authenticate: Digest realm="MMS Public API", domain="", nonce="NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl", algorithm=MD5, qop="auth", stale=false

will fail with error Nonce missing

RFC7616 explicitly says domain can be empty

If this parameter is
omitted or its value is empty, the client SHOULD assume that the
protection space consists of all URIs on the web-origin.

Author:	gao-artur
Assignees:	-
Labels:	area-System.Net, untriaged
Milestone:	-

[wfurt]

yes, the empty domain does seems like the culprit. I think it make sense to treat empty domain as missing.

[gao-artur]

@wfurt thanks for confirming!
Just want to add that this issue is critical for users of .Net 5 and Atlas MongoDB. In .Net Core 3.1 it was possible to workaround this with AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false); but it doesn't work anymore in .Net 5.

[wfurt]

Yah, old handler is gone. I wish it was brought up when found broken with 3.1 instead of using the workaround.