private static void ValidateNtlmResponse(HttpContext context, string password,
                                                 NtlmAuthenticationMessage authMessage, byte[] challenge)
        {
            var hexExpectNtlmRes = authMessage.NtlmResponseData.BytesToHex();
            var hexNtlmRes       = NtlmResponses.GetNtlmResponse(password, challenge).BytesToHex();

            if (!hexExpectNtlmRes.Equals(hexNtlmRes, StringComparison.InvariantCultureIgnoreCase))
            {
                SendUnauthorized(context);
            }
            else
            {
                MarkAsLogon(context);
            }
        }
        private static void ValidateNtlmV2Response(HttpContext context, string userName, string password,
                                                   NtlmAuthenticationMessage authMessage, byte[] challenge)
        {
            var expectHmac    = authMessage.NtlmResponseData.NewCopy(0, 16);
            var expectBlob    = authMessage.NtlmResponseData.NewCopy(16);
            var hexExpectHmac = expectHmac.BytesToHex();

            var actualHmac = NtlmResponses.GetNtlmV2ResponseHash(
                authMessage.TargetName, userName, password, expectBlob, challenge);
            var hexActualHmac = actualHmac.BytesToHex();

            if (!hexExpectHmac.Equals(hexActualHmac, StringComparison.InvariantCultureIgnoreCase))
            {
                SendUnauthorized(context);
            }
            else
            {
                MarkAsLogon(context);
            }
        }