http://stackoverflow.com/questions/8232922/asp-pages-in-iis-using-localhost-401-3-error-do-not-have-permission

OK, working from memory here as I am not in front of a Windows machine.

If you right click on your webroot folder /inetpub/wwwroot/ or the website directory you are working on open properties and select security, I think it is, you will see the list of users with their permissions for that folder. There is a section to add new users where you can add the IUSR account (search from the list of users if you need to) which will be the default user used when anonymous authentication is enabled. Give this account the relevant permissions (read, write, execute) ensuring you apply to file and subfolders. Refresh the website in IIS and you should hopefully be good to go.