My Windows-based application (basically an HTTP/1.1 proxy server) listens for requests from various users. Presently it is able to send a 407 Basic challenge and process the response from the headers. I know I must modify the challenge headers so that the client browsers make an NTLM-based response for the purpose of authentication. But my question is: how do I generate the correct tokens, nonce, etc. for the 407 authentication challenge, and then how do I validate whether the received responses are correct? Finally, I would like to record the client's username and other LDAP / ADS properties if possible.
Please be kind, and redirect me to the correct posts if there are already any threads that discuss something similar. Most research on the WWW leads me only to client-side programming, with very little or almost none for the coding that must be done in the HTTP server.
All of you great hacks around here, a BIG thanks in advance.