Home/ Questions/Q 6550413
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T12:12:45+00:00

I have an IIS instance configured with Windows Authentication and URL Rewrite, so it

  • 0

I have an IIS instance configured with Windows Authentication and URL Rewrite, so it basically works as a reverse proxy. My backend server (run on Linux) expects a REMOTE_USER header. Is it possible to configure IIS to pass information about the authenticated user to the backend server?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If IIS is configured for Windows Auth, then ARR will challenge and only forward requests once the user is authenticated.

    It is possible to forward custom headers with the request using a HTTP naming convention and serverVariables element in the rewrite rules. For instance, in the following example the server variable LOCAL_ADDR is forwarded as a header named X-MY-HEADER.

    <rule name="Reverse Proxy to MySite" stopProcessing="true">
   <match url="^MySite/(.*)" />
   <serverVariables>
      <set name="HTTP_X_MY_HEADER" value="{LOCAL_ADDR}" />
    </serverVariables>
    <action type="Rewrite" url="http://www.myothersite.com/{R:1}" />
</rule>

    Unfortunately it’s not possible to use this technique to forward a REMOTE_USER header. This is because when the Authorization header is present, the request is forwarded before the authentication module runs, and therefore auth server variables are not set (when mapped to headers they simply come through blank).

    You can however set IIS to use Basic Windows Auth, and then extract the username from the Base64 encoded Authorization header on your Linux server.

    • 0