I struggled with this problem the past few days.
I suggest reading Scott Guthrie’s blog post Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
For me the problem was that although I had Windows Authentication enabled in IIS and I had <authentication mode="Windows" />
in the <system.web>
section of web.config, I was not preventing anonymous access. This last part was the key. You need to prevent anonymous access to ensure that the browser sends the credentials.
You can either configure IIS in Control Panel so that your site (or machine) uses Windows authentication and denies anonymous access or you can add the following to your web.config in the system.web section:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>