RemoteIpAddress and X-Forwarded-For #742
Description
We struggled for some time now to find a way to reliable find out the client IP address in ASP.NET Core...
- Environment: Windows Server 2008 R2, IIS 7.5, ASP.NET Core 1.0.0 (still)
- Requirement: it should work with direct callers as well as with clients that come over a corporate proxy.
First we activated UseIISIntegration()
and app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor })
in the startup phase.
Then we thought that we could use httpContext.Connection.RemoteIpAddress
for this scenario and yes, it works when we have direct callers - in this case it returns the right client IP... But: unfortunately it doesn't work when the client is behind our corporate proxy. In this case, Connection.RemoteIpAddress
everytime returns 127.0.0.1
.
Doing some more investigation we found out that the X-Forwarded-For
request header was correctly set for clients that come over the proxy: X-Forwarded-For: <client-ip>, 127.0.0.1, <proxy-ip:port>
. Hence, we are able to manually grab the right client IP from the request. But we thought that httpContext.Connection.RemoteIpAddress
is exactly doing this for us?