BAD IMPERSONATION in IIS Express with Basic Auth for all static requests

We are attempting to use Basic Authentication in a project, which generally works fine in our integration and QA environment or even running locally with IIS 7.5. But running locally in IIS Express we get some very strange issues -- any static requests result in cryptic HTTP 500 errors telling us that there was an error accessing that resource, perhaps for a number of permissions related reasons, with an error code of 0x80070542. At the same time, anything rendered in ASP.NET comes out perfect.

Cursory searches indicate that the issue typically stems from IIS' account not being able to access these resources. This was run down and IUSERs definitely can access the resources -- in fact, the exact same folder works perfectly in IIS 7.5; only IIS Express barfs. And only when we enable basic authentication -- if we enable windows authentication all requests pass perfectly.

We finally tried running sysinternals procmon in an effort to figure out if we were looking at the correct user and if it was something else that was failing and we found that things were failing with a result of BAD IMPERSONATION. But trying to figure out who is impersonating what has been fruitless. From what we can tell, the IUSER / NETWORK SERVICE / default accounts do have appropriate levels of access, given things work with IIS in production mode and any sort of access test passes. The accounts running IIS express are all local admins and should have access to impersonation. Manually adding that right in local security policy has made no difference. I just can't see a way to fix this short of explicitly defining an impersonation user which I really shouldn't need to do.

So, is there a correct way to make IIS Express work with basic auth and static requests?

IIS Express runs as current logged on user and does not do impersonation. Probably just for testing, could you try adding current logged on user account to IIS IUser group and see if that does any trick.