172.16.1.1 is a private IP address.
You can configure it as a known proxy in app.UseForwardedHeaders(...) before app.UseAuthentication().
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
...
var forwardedHeadersOptions = new ForwardedHeadersOptions // Add this
{ // Add this
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto // Add this
}; // Add this
forwardedHeadersOptions.KnownProxies.Add(IPAddress.Parse("::ffff:172.16.1.1")); // Add this
app.UseForwardedHeaders(forwardedHeadersOptions); // Add this
app.UseAuthentication();
...
}
Microsoft docs: https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-3.1
I just told you exactly how and even provided a code sample that you can copy and paste directly into your ASP .NET Zero solution.
- Why is a new 1 year token created every time the admin user logs in? Why are the old 1 year tokens not deleted automatically when the admin user logs in?
A user can log in from multiple devices and browsers. The token for a session is deleted when the user logs out properly via the API.
- Is this the definition of the UserTokenExpirationWorker? It appears to only delete tokens that have expired. Am I missing something that explains how the 1 year tokens are supposed to be cleaned up?
Yes. Only expired tokens are cleaned up.