From ce5e892e5f5f045977689fa00c17703333899e8b Mon Sep 17 00:00:00 2001 From: Luca Bompani Date: Wed, 28 Jul 2021 11:50:17 +0200 Subject: [PATCH 1/4] accept empty realm for digest auth (#56369) --- .../System/Net/Http/HttpClientHandlerTest.Authentication.cs | 1 + .../Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs index f7ccc3127e9ab..41718d37eb869 100644 --- a/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs +++ b/src/libraries/Common/tests/System/Net/Http/HttpClientHandlerTest.Authentication.cs @@ -99,6 +99,7 @@ public static IEnumerable Authentication_SocketsHttpHandler_TestData() { yield return new object[] { "Digest realm=\"testrealm\",nonce=\"6afd170437eb5144258b308f7c491d96\",opaque=\"\",stale=FALSE,algorithm=MD5,qop=\"auth\"", true }; yield return new object[] { "Digest realm=\"testrealm\", domain=\"\", nonce=\"NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl\", algorithm=MD5, qop=\"auth\", stale=false", true }; + yield return new object[] { "Digest realm=\"\", nonce=\"NA42+vpOFQd1GwCyVRZuhhy+jDn4BMRl\", algorithm=MD5, qop=\"auth\", stale=false", true }; } } diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs index c44dac794eeef..7b9dc678c84bf 100644 --- a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs +++ b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs @@ -409,7 +409,8 @@ private void Parse(string challenge) // Ensure value is valid. // Opaque and Domain can have empty string if (value == string.Empty && - (!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase))) + (!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase) && + !key.Equals(Realm, StringComparison.OrdinalIgnoreCase))) break; // Add the key-value pair to Parameters. From c980ae6078f629d75eb52966e193a7d1e103aadf Mon Sep 17 00:00:00 2001 From: Luca Bompani Date: Thu, 29 Jul 2021 12:08:53 +0200 Subject: [PATCH 2/4] accept empty realm for digest auth (#56369) --- .../SocketsHttpHandler/AuthenticationHelper.Digest.cs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs index 7b9dc678c84bf..86cfb3c89c51d 100644 --- a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs +++ b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs @@ -104,8 +104,7 @@ internal static partial class AuthenticationHelper } // Add realm - if (realm != string.Empty) - sb.AppendKeyValue(Realm, realm); + sb.AppendKeyValue(Realm, realm); // Add nonce sb.AppendKeyValue(Nonce, nonce); @@ -407,9 +406,10 @@ private void Parse(string challenge) break; // Ensure value is valid. - // Opaque and Domain can have empty string + // Opaque, Domain and Realm can have empty string if (value == string.Empty && - (!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase) && + (!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && + !key.Equals(Domain, StringComparison.OrdinalIgnoreCase) && !key.Equals(Realm, StringComparison.OrdinalIgnoreCase))) break; From e965f6c56b0e0448b4b18c121e1d9c46120aa289 Mon Sep 17 00:00:00 2001 From: Luca Bompani Date: Thu, 29 Jul 2021 13:05:43 +0200 Subject: [PATCH 3/4] accept empty realm for digest auth (#56369) --- .../Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs index 86cfb3c89c51d..234ca135aa9bd 100644 --- a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs +++ b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.Digest.cs @@ -408,9 +408,9 @@ private void Parse(string challenge) // Ensure value is valid. // Opaque, Domain and Realm can have empty string if (value == string.Empty && - (!key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && + !key.Equals(Opaque, StringComparison.OrdinalIgnoreCase) && !key.Equals(Domain, StringComparison.OrdinalIgnoreCase) && - !key.Equals(Realm, StringComparison.OrdinalIgnoreCase))) + !key.Equals(Realm, StringComparison.OrdinalIgnoreCase)) break; // Add the key-value pair to Parameters. From 26bd6375a5a21c87c4d596d9b32aa2b947601bfb Mon Sep 17 00:00:00 2001 From: Luca Bompani Date: Fri, 30 Jul 2021 12:07:06 +0200 Subject: [PATCH 4/4] accept empty realm for digest auth (#56369) --- .../System/Net/Http/LoopbackServer.AuthenticationHelpers.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs b/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs index bfb2ccb46be1a..4f322c8cb6a97 100644 --- a/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs +++ b/src/libraries/Common/tests/System/Net/Http/LoopbackServer.AuthenticationHelpers.cs @@ -150,7 +150,7 @@ internal static bool IsDigestAuthTokenValid(string clientResponse, string reques } // Realm is mandatory. - if (string.IsNullOrEmpty(realm)) + if (realm == null) return false; } else if (trimmedValue.StartsWith(nameof(cnonce)))