From what I saw in the source code RequiresAuthentication() does an Authentication check for the whole module. Is there any way to do this per Route?

I had the same problem. However it turns out the RequiresAuthentication works at both the module level and the route level. To demonstrate, here is some code ripped out my current project (not all routes shown for brevity).

public class RegisterModule : _BaseModule
{
    public RegisterModule() : base("/register")
    {
        Get["/basic-details"] = _ => View["RegisterBasicDetailsView", Model];

        Get["/select"] = _ =>
            {
                this.RequiresAuthentication();
                return View["RegisterSelectView", Model];
            };
    }
}

Of course the only problem with doing it this way is that all the protected routes in the module need to call RequiresAuthentication. In the case of my module above, I have another 5 routes (not shown) all of which need protecting, so that makes six calls to RequiresAuthentication instead of one at the module level. The alternative would be to pull the unprotected route into another module, but my judgement was that a proliferation of modules is worse than the additional RequiresAuthentication calls.

namespace Kallist.Modules {

    #region Namespaces

    using System;
    using Nancy;

    #endregion

    public static class ModuleExtensions {

        #region Methods

        public static Response WithAuthentication(this NancyModule module, Func<Response> executeAuthenticated) {
            if ((module.Context.CurrentUser != null) && !string.IsNullOrWhiteSpace(module.Context.CurrentUser.UserName)) {
                return executeAuthenticated();
            }
            return new Response { StatusCode = HttpStatusCode.Unauthorized };
        }

        #endregion

    }
}

I ran into the same issue, here's how I solved it.

        var module = new MyModule();
        module.AddBeforeHookOrExecute(context => null, "Requires Authentication");
        _browser = new Browser(with =>
            {
                with.Module(module);
                with.RequestStartup((container, pipelines, ctx) =>
                    {
                        ctx.CurrentUser = new User { UserId = "1234", UserName = "test"};
                    });
            });

I can now use this.RequiresAuthentication() at the module level and run my unit tests.