I don't have a .Net code snippet to share, but the algorithm can be seen in Ruby and PHP here: https://help.shopify.com/en/api/getting-started/webhooks#verify-webhook
You are correct in that you use the shared_secret as set in your partner dashboard to validate the HMAC. In the example, `data` is the stringified JSON, and the actual values being compared are the Base64 representations of the HMAC, so make sure you encode your HMAC as Base64 before comparing.
Cheers.
