403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied
Try this
<allow users="?" />
Now you are using <deny users="?" />
that means you are not allowing authenticated user to use your site.
authorization Element
I had the same problem. It turned out that I didn't specify a default page and I didn't have any page that is named after the default page convention (default.html, defult.aspx etc). As a result, ASP.NET doesn't allow the user to browse the directory (not a problem in Visual Studio built-in web server that allows you to view the directory) and shows the error message. To fix it, I added one default page in Web.Config and it worked.
<system.webServer>
<defaultDocument>
<files>
<add value="myDefault.aspx"/>
</files>
</defaultDocument>
</system.webServer>