Did you check that in the physical directory of the IIS your 'IUSR' user (anonymous account) has at least read access to this directory? If not, I really would not add it but instead look at moving it into another newly created folder and setting the permissions on that (just not a good practice to start changing the permissions on the Kentico core folders and objects)
If that does not help, then I would look at the Kentico classes you are instantiating in your code, some may require authentication to access. If you are not sure, shoot an email to Kentico support and they should be able to help you. You may be able to impersonate a elevated user in your code to accomplish this.
Overall you are putting a lot of effort that could be more quickly solved with a web.config change...but even with a web.config change if Kentico classes are causing the issue you will have to take additional steps.