In an ASP.NET MVC WEB API application I implemented Windows Authentication with custom roles by using an implementation of IIdentity. In my setup the user gets authenticated by NTLM, then we have the user name. Now there is a part in the OWIN Pipeline...