Passthrough (impersonation) authentication with ASP.NET and TFS api

I'm trying to enable passthrough or impersonation authentication inside an ASP.NET website that uses the TFS2010 API.

I've got this working correctly with Cassini, however with IIS 7.5 (Windows 7) something is going wrong.

I found this blog post on the subject, and tried the following:

private static void Test()
{
    TfsTeamProjectCollection baseUserTpcConnection = 
            new TfsTeamProjectCollection(new Uri(Settings.TfsServer));

    // Fails as 'baseUserTpcConnection' isn't authenticated
    IIdentityManagementService ims = 
            baseUserTpcConnection.GetService();

    // Read out the identity of the user we want to impersonate
    TeamFoundationIdentity identity = ims.ReadIdentity(
            IdentitySearchFactor.AccountName, 
            HttpContext.Current.User.Identity.Name,
            MembershipQuery.None, 
            ReadIdentityOptions.None);

    TfsTeamProjectCollection impersonatedTpcConnection = new 
            TfsTeamProjectCollection(new Uri(Settings.TfsServer), 
            identity.Descriptor);
}

When I use Cassini nothing is needed besides

collection = new TfsTeamProjectCollection(new Uri(server));

I have enabled the web.config settings (and have the Windows Auth module installed):

Is there something obvious that I've missed out?