Fatal Communication Error with the Windows Process Activation Service

I have a .NET WebAPI app working locally on my dev machine's IIS, but if I deploy it on a server, there I get the error

HTTP Error 503. The service is unavailable.

whenever I try to access the API. At the same moment, the AppPool stops (yes, it has started correctly and runs correctly until I make an API call) and I get the error in event viewer:

A process serving application pool 'MyNewTestAppPool' suffered a fatal communication error with the Windows Process Activation Service.

The controller I call is a really complicated one:

public class ExampleController : ApiController
{
    [HttpGet]
    public bool GetTrue()
    {
        return true;
    }
}

so this cannot be an issue with a stack overflow caused by endless loop inside my code. I fear that it is an endless loop inside the authentication and authorization chain.

The main change to another app that deployed correctly on the same server is that this app should have most controllers require authentication against local AD, with a single controller that doesn't – while the other apps either always require authentication, or never.

To achieve this hybrid mode, I did the following:

• in Web.config, I added <authentication mode="Windows" />
• in IIS, I enabled both Anonymous Authentication and Windows Authentication
• in Global.asax.cs, I added the AuthorizeAttribute to all controllers: GlobalConfiguration.Configuration.Filters.Add(new System.Web.Http.AuthorizeAttribute());
• the single function that should be accessible without authentication has got the [AllowAnonymous] attribute set.

Not sure what's happening there, does someone know what happens or how to debug this?