diff --git a/trainav.web/Pages/Shared/_Layout.cshtml b/trainav.web/Pages/Shared/_Layout.cshtml
index 98625d7..6f2ca31 100644
--- a/trainav.web/Pages/Shared/_Layout.cshtml
+++ b/trainav.web/Pages/Shared/_Layout.cshtml
@@ -1,4 +1,7 @@
-<!DOCTYPE html>
+@using trainav.web.Utils
+@using trainav.web.database
+@using Microsoft.AspNetCore.Mvc.TagHelpers
+<!DOCTYPE html>
 <html lang="en">
 <head>
 	<meta charset="utf-8"/>
@@ -31,6 +34,11 @@
 </header>
 <div class="container">
 	<main role="main" class="pb-3">
+		@if (AuthUtil.GetRemoteUser(Context, new Database.DbConn()) == "_debuguser") {
+			<div class="alert alert-warning" role="alert">
+				You are connected as the fallback user '@AuthUtil.GetRemoteUser(Context, new Database.DbConn())' because no 'Remote-User' header was received. If this is a production deployment, please make sure your configuration is correct.
+			</div>
+		}
 		@RenderBody()
 	</main>
 </div>
diff --git a/trainav.web/Utils/AuthUtil.cs b/trainav.web/Utils/AuthUtil.cs
index aa3e25c..6b82598 100644
--- a/trainav.web/Utils/AuthUtil.cs
+++ b/trainav.web/Utils/AuthUtil.cs
@@ -8,11 +8,7 @@ namespace trainav.web.Utils;
 
 public static class AuthUtil {
 	public static string GetRemoteUser(HttpContext ctx, Database.DbConn db) {
-		#if (DEBUG)
-		const string remoteUser = "debuguser";
-		#else
-		var remoteUser = ctx.Request.Headers["Remote-User"];
-		#endif
+		var remoteUser = ctx.Request.Headers.ContainsKey("Remote-User") ? ctx.Request.Headers["Remote-User"].ToString() : "_debuguser";
 
 		if (!db.Users.Any(p => p.Username == remoteUser)) {
 			db.InsertWithInt32Identity(new User { Username = remoteUser });