Check that the authorization header is providing Digest credentials

mconnew · StephenBonikowsky · commit a0837bcca018 · 2018-03-26T16:11:42.000-07:00
diff --git a/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/DigestServiceAuthorizationManager.cs b/src/System.Private.ServiceModel/tools/IISHostedWcfService/App_code/DigestServiceAuthorizationManager.cs
@@ -145,7 +145,7 @@ public DigestAuthenticationState(OperationContext operationContext, string realm
                 _password = null;
                 _authorized = new bool?();
                 _authorizationHeader = GetAuthorizationHeader(operationContext, out _method);
-                if (_authorizationHeader.Length < DigestAuthenticationMechanismLength)
+                if (_authorizationHeader.Length < DigestAuthenticationMechanismLength || !_authorizationHeader.StartsWith(DigestAuthenticationMechanism))
                 {
                     _authorized = false;
                     _nonceString = string.Empty;

Original file line number	Diff line number	Diff line change
`@@ -145,7 +145,7 @@ public DigestAuthenticationState(OperationContext operationContext, string realm`
`145`	`145`	`_password = null;`
`146`	`146`	`_authorized = new bool?();`
`147`	`147`	`_authorizationHeader = GetAuthorizationHeader(operationContext, out _method);`
`148`		`- if (_authorizationHeader.Length < DigestAuthenticationMechanismLength)`
	`148`	`+ if (_authorizationHeader.Length < DigestAuthenticationMechanismLength \|\| !_authorizationHeader.StartsWith(DigestAuthenticationMechanism))`
`149`	`149`	`{`
`150`	`150`	`_authorized = false;`
`151`	`151`	`_nonceString = string.Empty;`