I found a solution. My assumption concerning what caused this problem was eventually proved accurate. When an unauthorized request was arriving to a controller, which was requiring authorization (using the authorize attribute), then the response was not including the header "Access-Control-Allow-Origin". Consequently the status of the jqXHR on the client was 0 instead of 401.
So I added the "Access-Control-Allow-Origin" to asp.net web api Web.config and finally worked properly.