private static void ValidateNtlmResponse(HttpContext context, string password,
NtlmAuthenticationMessage authMessage, byte[] challenge)
{
var hexExpectNtlmRes = authMessage.NtlmResponseData.BytesToHex();
var hexNtlmRes = NtlmResponses.GetNtlmResponse(password, challenge).BytesToHex();
if (!hexExpectNtlmRes.Equals(hexNtlmRes, StringComparison.InvariantCultureIgnoreCase))
{
SendUnauthorized(context);
}
else
{
MarkAsLogon(context);
}
}
private static void ValidateNtlmV2Response(HttpContext context, string userName, string password,
NtlmAuthenticationMessage authMessage, byte[] challenge)
{
var expectHmac = authMessage.NtlmResponseData.NewCopy(0, 16);
var expectBlob = authMessage.NtlmResponseData.NewCopy(16);
var hexExpectHmac = expectHmac.BytesToHex();
var actualHmac = NtlmResponses.GetNtlmV2ResponseHash(
authMessage.TargetName, userName, password, expectBlob, challenge);
var hexActualHmac = actualHmac.BytesToHex();
if (!hexExpectHmac.Equals(hexActualHmac, StringComparison.InvariantCultureIgnoreCase))
{
SendUnauthorized(context);
}
else
{
MarkAsLogon(context);
}
}
