Closed
Description
The issue is similar to #50283 but this time about realm key. For example:
WWW-Authenticate : Digest realm="", nonce="NjBGRkMxNjUgY2FiN2YxZDM1MWM4ZDAyOTRiMmY2ZGVjOGMxMDY2Zjg=", algorithm="MD5", qop="auth"
will fail with error Nonce missing
RFC7616 says realm SHOULD contain al least the name of the server, but not MUST contain, so it doesn't exclude an empty realm
This string should contain at least the name of the host performing the authentication
and might additionally indicate the collection of users who might have access.
This lines of method Parse in class System.Net.Http.AuthenticationHelper.DigestResponse
// Ensure value is valid.
// Opaque and Domain can have empty string
if (value == string.Empty &&
(!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase)))
break;should be modified to allow empty Realm value