When you publish your web project, your logged in security credentials doesn't matter. ASP.NET pages are processed through a different account (depends on IIS version). By default that account has very limited permissions. You need to assign permissions to that account.
Moreover creating a virtual directory on a desktop doesn't sound like a good idea to me, though I don't think there's anything wrong in it. You should create a folder in one of the drive and keep all your web applications inside different folders if you are testing on your system.
BTW if you
search Google for http error 401.3[
^], you will get a lot of links discussing the same. Read them and you will get detailed information abut the issue.
Hope this helps!