Background

Our asp.net webapp has grown and now has 6 different methods of authentication, with more on the horizon. I want to standardize these methods and extract each into an independent plugin which can be disabled/enabled at will (and possibly even configured from within the app). That’s also necessary because at least one of the methods is client-specific and uses a DLL supplied by said client, which should not be distributed to other clients.

Problem

As I’m trying to create a plugin mechanism for authentication methods, I’m faced with a particular method which is Windows Authentication. Normally it works by enabling Windows Authentication in IIS, but since it should be an independent plugin I’d like to avoid it modifying web.config and/or IIS config. So, assuming that Windows Authentication is turned off by default in IIS (only anonymous for everything), is there any way I can get my plugin to work? Can I somehow tell IIS from within my ASP.NET application that I’d like to get Windows authentication on a particular URL/request?