401 Unauthorized when sending ajax request to web api

I believe you are mixing between cookies authentication and bearer tokens here, you are not sending an access token in the Authorization header with your request, that is why you keep getting 401.As well you need only to allow CORS using application.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); and remove it else where from your controllers attribute even from configuration.

Check my Repo here where I've implemented CORS and the front end is AngularJS too. it is working correctly. Here is the live demo too for this repo, open developer tools and monitor the requests, you should see pre-flight request before you see your HTTP get request.

If you need just to protect your API using bearer tokens then I recommend you to read Token Based Authentication post

This could be because because your API is not on the came URL as your calling application. Your URL for the API is:http://127.0.0.1/ (ignoring the folder path - which doesn't matter)

..but you're calling it from http://127.0.0.1:8888 which counts as a separate site as the port is different. Because the browser thinks the site is different, it will not send the cookie.

Have you tried testing it from a page hosted on the same URL as the API (with the same port)?

Most importantly: Check that you can see the Cookie being sent through in Fiddler.

You might also find more relevant information about getting this to work on this answer