<authentication mode="Windows" />
<deny users="?" />
Above is simple syntax for setup windows authentication at web.config.
At your IIS site, you also need to change things, you'll need to go to your
IIS site and select Authentication, you should been see Windows
Authentication. If there's no Windows Authentication then you need to install.
You need to also turn Anonymous Anthentication off.
That's should be all of it, but you might seen something that when you hit the
site it'll keep asking the user and password. Although you enter the correct
user and password, it'll ask again.
So, I searched at stackoverflow, following answer resolve my issue.
401 Unauthorized error web api mvc windows authentication
Set the DisableStrictNameChecking registry entry to 1. For more
information about how to do this, click the following article number to
view the article in the Microsoft Knowledge Base: 281308 Connecting to SMB
share on a Windows 2000-based computer or a Windows Server 2003-based
computer may not work with an alias name
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites
that are on the local computer, and then click OK.
Quit Registry Editor, and then restart the IISAdmin service.