runtime: Digest challenge - realm fails with empty string
The issue is similar to #50283 but this time about realm key. For example:
WWW-Authenticate : Digest realm="", nonce="NjBGRkMxNjUgY2FiN2YxZDM1MWM4ZDAyOTRiMmY2ZGVjOGMxMDY2Zjg=", algorithm="MD5", qop="auth"
will fail with error Nonce missing
RFC7616 says realm SHOULD contain al least the name of the server, but not MUST contain, so it doesn’t exclude an empty realm
This string should contain at least the name of the host performing the authentication
and might additionally indicate the collection of users who might have access.
This lines of method Parse in class System.Net.Http.AuthenticationHelper.DigestResponse
// Ensure value is valid.
// Opaque and Domain can have empty string
if (value == string.Empty &&
(!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase)))
break;
should be modified to allow empty Realm value
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 20 (11 by maintainers)
Commits related to this issue
- accept empty realm for digest auth (#56369) — committed to camillo-toselli/runtime by deleted user 3 years ago
- accept empty realm for digest auth (#56369) — committed to camillo-toselli/runtime by deleted user 3 years ago
- accept empty realm for digest auth (#56369) — committed to camillo-toselli/runtime by deleted user 3 years ago
- accept empty realm for digest auth (#56369) — committed to camillo-toselli/runtime by deleted user 3 years ago
- accept empty realm for digest auth (#56369) (#56455) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) ... — committed to dotnet/runtime by camillo-toselli 3 years ago
- Merge remote-tracking branch 'origin/main' into thays_fix_debugger_break # By Camillo Toselli (1) and others # Via GitHub * origin/main: add RID for Debian 11 (#56789) [wasm] [debugger] Skip thre... — committed to thaystg/runtime by thaystg 3 years ago
- Merge remote-tracking branch 'origin/main' into thays_implement_debugger_proxy_attribute * origin/main: (340 commits) add RID for Debian 11 (#56789) [wasm] [debugger] Skip thread static field (#5... — committed to thaystg/runtime by thaystg 3 years ago
- accept empty realm for digest auth (#56369) (#56455) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * acc... — committed to camillo-toselli/runtime by camillo-toselli 3 years ago
- accept empty realm for digest auth (#56369) (#56455) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * acc... — committed to camillo-toselli/runtime by camillo-toselli 3 years ago
- accept empty realm for digest auth (#56369) (#56455) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * acc... — committed to camillo-toselli/runtime by camillo-toselli 3 years ago
- accept empty realm for digest auth (#56369) (#56455) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * acc... — committed to camillo-toselli/runtime by camillo-toselli 3 years ago
- accept empty realm for digest auth (#56369) — committed to dotnet/runtime by deleted user 3 years ago
- accept empty realm for digest auth (#56369) — committed to dotnet/runtime by deleted user 3 years ago
- accept empty realm for digest auth (#56369) — committed to dotnet/runtime by deleted user 3 years ago
- accept empty realm for digest auth (#56369) — committed to dotnet/runtime by deleted user 3 years ago
- [release/5.0] accept empty realm for digest auth (#56369) (#61203) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * accept empty realm for digest au... — committed to dotnet/runtime by github-actions[bot] 3 years ago
- accept empty realm for digest auth (#56369) (#56455) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * accept empty realm for digest auth (#56369) * acc... — committed to camillo-toselli/runtime by camillo-toselli 3 years ago
I can confirm that the PR build resolves our problem. Thanks.