Context: Custom API Gateway implemented in ASP.NET and OWIN, hosted in IIS. Reverse-proxy functionality is implemented by using the IIS URL Rewrite rules. OWIN Middleware is used to check and/or manipulate requests (e.g. authorization) and responses (e.g. CORS)

Issue: When using OWIN middleware to add/modify request headers(e.g. context.Request.Headers.Add/Set/Append ), they are simply not present when it reaches the downstream API.

Observations:

The issue is only with request headers. Adding response headers works fine.

The OWIN calls modifying the headers seem to be registered and logged by IIS: (result of context.Request.Headers.Append("X-Test-Last-Middleware", "Testing") )

(result of ) When the custom headers are added client-side (before the request even reaches the OWIN gateway), they reach the downstream API just fine

I've tried allowing the headers in IIS URL Rewrite server variables using the HTTP_X_Test_Last_Middleware syntax/convention, but that did not help

syntax/convention, but that did not help If added manually onto the IIS Rewrite rule (as a server variable using the same convention), the header is present downstream (provided the server variable has been allowed). This does however not suit our use-case.

Does anyone have any ideas on how to do this? Putting dynamic information to the request (headers) before it reaches the downstream API is a must.

Thanks in advance.