According to this links spec rfc2617 separating with a comma does seem valid.
"It uses an extensible, case-insensitive token to identify the authentication scheme, followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication via that scheme."
But therein it suggests you are quite possible setting them incorrectly, they must be of the form "attribute-value pairs":
auth-param = token "=" ( token | quoted-string )
How exactly are you setting them?
httpClient.DefaultRequestHeaders.Add("Authorization", "aaaa,bbbb");
The above is seemingly invalid, they are not attribute pairs "aaaa,bbbb". There is no = sign for either attribute you are attempting to set.
Try the following as a test:
httpClient.DefaultRequestHeaders.Add("Authorization", "aaaa=1234,bbbb=45678");