Sorry, I didn’t read the question carefully enough. Unfortunately, I don’t believe you can do this out-of-the-box. There is an HttpListenerHost provided by OpenRasta which encapsulates a System.Net.HttpListener instance as a private variable. See the code in this forum thread to see how to use the HttpListenerHost in a Console app. If the HttpListener variable were public or at least protected it should be a simple matter of setting the AuthenticationSchemes property along the lines of this code:

var host = new HttpListenerHost();
host.Listener.AuthenticationSchemes = AuthenticationSchemes.Ntlm;

If you really need this capability, you can get the source for OpenRasta and update it to expose the underlying HttpListener variable so you can configure it to your heart’s content.

===================>>
ORIGINAL ANSWER FOR IIS:

First you create a standard WebForms or MVC project configured for OpenRasta as shown in the Getting Start wiki page. Next, configure the project as described in this Wrox article to support Windows authentication. Supporting Windows authentication will enable both NTLM & Kerberos authentication.