401.0 - Unauthorized - MVC App with IIS 7

I've got an MVC app that normally works fine, but on a particular server, it's returning a 401.0 "The authenticated user does not have access to a resource needed to process the request" error.

Normally it works like this:

1. User logs into a separate application, gets a user ID and token, clicks a link into this application. User ID and token go into the URL.
2. User gets into my application with Anonymous auth, and then in our LogonAuthorize filter, we get the ID and token from the query string to authenticate the user.

I have logging in the filter, and I can see the user getting authenticated. So, they're making it at least that far. However, instead of the page they're supposed to see, there's a 401.0 Unauthorized error from IIS.

Things I have tried:

• Giving IUSR access to the directory
• Running mirate.exe (it's an Entity Framework app)
• Removing all [Authorize] attributes in the solution... I know that we make it as far as the Initialize() event of my BaseController object. We don't seem to make it into the specific controller actions, such as Home/Index, which inherits BaseController. I don't see any logging after BaseController.Initialize().
• Giving Network Service access to the directory
• Switching the App Pool from Integrated to Classic (I get a blank screen instead of a 401.0 error, which is odd. Same authentication stuff in the logs.)
• Using a local user account instead of Network Service with the app pool, giving that account access to the directory
• Setting different accounts to be used by "Anonymous"
• Rebuilding and redeploying the app (several times)
• Different authentication schemes: Turning on Windows auth gives a 401.1, turning off all of them gives a 401.2
• Making sure Global.asax is in the right place
• aspnet_regiis -i
• Tearing all my hair out (counterproductive)

I set up a tracing rule for this error, and I have a trace, but I have no idea how to read it. I would paste it here, but it's a pretty long XML file.

The error comes from module ManagedPipelineHandler, notification ExecuteRequestHandler, handler System.Web.Mvc.MvcHandler, with error code 0x00000000.

One detail: This server is configured to use port 90 instead of port 80. I'm not sure why that would cause problems, but maybe it would?

One other detail: The app in question is running as an application in a virtual directory underneath the "main" application, which is configured as the root website.

One new detail: This server is Windows Server 2008 R2, and was upgraded from Windows Server 2003. I believe something in the upgrade process may account for the issue, as none of the "usual suspect" solutions to this type of problem have helped.