Cannot use integrated security with netcore app on iis installed as a web site

I have a little test project in netcore (2.1.401) that returns the logged in user via CNTLM. I deployed it to an IIS server following [this guide]. I also added the website to the hosts file.

If I deploy it as an application inside the default web site it works fine. But when I try to do it as a web site, with Anonymous auth disabled and Windows auth enabled, I have to enter my credentials several times and finally get this error:

HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

Detailed Error Information:
Module   WindowsAuthenticationModule 
Notification   AuthenticateRequest 
Handler   aspNetCore 
Error Code   0xc000006d 
Requested URL   http://iis.localhost.net:80/user 
Physical Path   C:\inetpub\wwwroot\iis\user 
Logon Method   Not yet determined 
Logon User   Not yet determined 

I tried adding myself to the web.config file, like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <location path="." inheritInChildApplications="false">
        <system.webServer>
            <handlers>
                <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
            </handlers>
            <aspNetCore processPath=".\iis.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
            <security>
                <authorization>
                    <allow users="mydomain\myuser" />
                    <deny users="*" />
                </authorization>
            </security>
        </system.webServer>
    </location>
</configuration>

I'm using Windows server 2016 Datacenter, IIS 10.0.14393.0