Telegram Web App Bot data validation (initData) in .NET/C#
using System;
using System.Collections.Specialized;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
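/// <summary>
/// Validates the signature of init data passed to a Telegram WebApp.
/// </summary>
/// <remarks>
/// The check string is built from every field except <c>hash</c>, sorted by key and joined
/// with line feeds as <c>key=value</c>. It is signed with HMAC-SHA256 using a key derived as
/// HMAC-SHA256("WebAppData", botToken), and the lowercase hex result is compared with the
/// received <c>hash</c> field.
/// <para>
/// This method verifies integrity and origin only. It does not look at <c>auth_date</c>, so
/// a correctly signed but old payload is still accepted; callers that need protection against
/// replayed init data should also reject payloads whose <c>auth_date</c> is older than an
/// application-defined limit.
/// </para>
/// <para>
/// Call this on the server only: <paramref name="botToken"/> is a secret and must never be
/// shipped to the client.
/// </para>
/// </remarks>
/// <param name="initData">
/// String received from Telegram WebApp. Accessible via Telegram.WebApp.initData on the web.
/// </param>
/// <param name="botToken">
/// Current token of the bot that was used to open WebApp.
/// </param>
/// <returns>
/// True if the signature matches; false if it does not, if <paramref name="initData"/> is null
/// or empty, or if it carries no <c>hash</c> field.
/// </returns>
public static bool ValidateInitData(string initData, string botToken)
{
    // Fail closed on missing input instead of letting the parser throw.
    if (string.IsNullOrEmpty(initData))
    {
        return false;
    }

    NameValueCollection data = HttpUtility.ParseQueryString(initData);

    var hash = data["hash"];
    if (string.IsNullOrEmpty(hash))
    {
        return false;
    }

    // The hash field itself is not part of the signed check string.
    data.Remove("hash");

    // Ordinal ordering keeps the check string independent of the server's current culture.
    var checkString = string.Join(
        "\n",
        data.AllKeys
            .OrderBy(key => key, StringComparer.Ordinal)
            .Select(key => $"{key}={data[key]}"));

    // Derive the signing key from the bot token; HMAC instances hold key material, so dispose them.
    byte[] secretKey;
    using (var hmacKey = new HMACSHA256(Encoding.UTF8.GetBytes("WebAppData")))
    {
        secretKey = hmacKey.ComputeHash(Encoding.UTF8.GetBytes(botToken));
    }

    byte[] hashBytes;
    using (var hashKey = new HMACSHA256(secretKey))
    {
        hashBytes = hashKey.ComputeHash(Encoding.UTF8.GetBytes(checkString));
    }

    var computedHash = BitConverter.ToString(hashBytes).Replace("-", "").ToLowerInvariant();

    // Compare in constant time so response timing does not reveal how many leading
    // characters of a guessed hash were correct. Differing lengths return false.
    return CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(computedHash),
        Encoding.UTF8.GetBytes(hash));
}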