accept empty realm for digest auth (dotnet#56369) (dotnet#56455)

* accept empty realm for digest auth (dotnet#56369)

* accept empty realm for digest auth (dotnet#56369)

* accept empty realm for digest auth (dotnet#56369)

* accept empty realm for digest auth (dotnet#56369)

Co-authored-by: Luca Bompani <luca.bompani@unibo.it>
(cherry picked from commit b0cea40)

src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs

@@ -99,6 +99,7 @@ public static IEnumerable<object[]> Authentication_SocketsHttpHandler_TestData()
             {
                 yield return new object[] { "Digest realm=\"testrealm\",nonce=\"6afd170437eb5144258b308f7c491d96\",opaque=\"\",stale=FALSE,algorithm=MD5,qop=\"auth\"", true };
                 yield return new object[] { "Digest realm=\"testrealm\", domain=\"\", nonce=\"NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl\", algorithm=MD5, qop=\"auth\", stale=false", true };
+                yield return new object[] { "Digest realm=\"\", nonce=\"NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl\", algorithm=MD5, qop=\"auth\", stale=false", true };
             }
         }
 

src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs

@@ -150,7 +150,7 @@ internal static bool IsDigestAuthTokenValid(string clientResponse, string reques
                     }
 
                     // Realm is mandatory.
-                    if (string.IsNullOrEmpty(realm))
+                    if (realm == null)
                         return false;
                 }
                 else if (trimmedValue.StartsWith(nameof(cnonce)))

src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs

@@ -104,8 +104,7 @@ internal partial class AuthenticationHelper
             }
 
             // Add realm
-            if (realm != string.Empty)
-                sb.AppendKeyValue(Realm, realm);
+            sb.AppendKeyValue(Realm, realm);
 
             // Add nonce
             sb.AppendKeyValue(Nonce, nonce);
@@ -407,9 +406,11 @@ private unsafe void Parse(string challenge)
                         break;
 
                     // Ensure value is valid.
-                    // Opaque and Domain can have empty string
+                    // Opaque, Domain and Realm can have empty string
                     if (value == string.Empty &&
-                       (!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase)))
+                        !key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) &&
+                        !key.Equals(Domain, StringComparison.OrdinalIgnoreCase) &&
+                        !key.Equals(Realm, StringComparison.OrdinalIgnoreCase))
                         break;
 
                     // Add the key-value pair to Parameters.