How does the NTLM authentication process work over the HTTP protocol?

The client sends a GET request, and the server returns a 401 status requesting NTLM authentication. The client then sends a negotiation message, the server responds with a 16-byte random challenge, and the client encrypts this challenge using the user's password hash to generate a response. The server compares the response to authenticate the user. This process is similar to the SMB-based NTLM flow, as detailed in the article.