I was working with an aspx-page that was called by an isv.config.xml-button today and had problems with getting the impersonation to work. It was quite obvious when I solved it. If you have similar problems, I have a few tips:
Usually the external webpages are run from another website that CRM. Make sure this website has anonymous access shut off and Integrated Windows Authentication turned on. Also make sure that the tag <identity impersonate="true"/> is in the web.config-file of the root of the website.
To avoid getting login-dialogs, make sure the site with the external pages are in trusted sites or Local Intranet Sites in IE.
If you have followed these tips, impersonation should work. The SDK mentions that users have to be in the PrivUserGroup but when I tried it still worked. Maybe that is needed in some special cases. If I manage to understand when, I will write about it.
CRM and SharePoint Consultant