Ok, I have scoured online resources and applied all the suggested solutions.
I am setting up a simple website on Windows Server 2008 R2 under IIS 7.5 using the "ASP.NET v4.0" pool. I am setting this up as an application under Default Web Site with a different root. I keep getting the 403 Forbidden error.
Ok, I am quite embarrassed but the over sight was that "Require SSL" was checked by default and that is the place I did not check. I guess it is because an SSL is bound to the Default Web Site. Removing that check made it work.
Hopefully this will help someone else.