In HttpHaveIBeenPwnedClient.IsPwnedPasswordInternalAsync(string, CancellationToken) we only observe the CancellationToken when requesting data from the HaveIBeenPwned.com service. However, after that we read the complete response and while doing that we ignore the CancellationToken.
Suggestion: Call cancellationToken.ThrowIfCancellationRequested() in the response parsing loop.
In
HttpHaveIBeenPwnedClient.IsPwnedPasswordInternalAsync(string, CancellationToken)we only observe theCancellationTokenwhen requesting data from the HaveIBeenPwned.com service. However, after that we read the complete response and while doing that we ignore theCancellationToken.Suggestion: Call
cancellationToken.ThrowIfCancellationRequested()in the response parsing loop.