diff --git a/src/Microsoft.AspNetCore.Server.IISIntegration/IISMiddleware.cs b/src/Microsoft.AspNetCore.Server.IISIntegration/IISMiddleware.cs
index bcf88de15e..96c2e458d9 100644
--- a/src/Microsoft.AspNetCore.Server.IISIntegration/IISMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Server.IISIntegration/IISMiddleware.cs
@@ -56,8 +56,8 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
 {
 if (!string.Equals(_pairingToken, httpContext.Request.Headers[MSAspNetCoreToken], StringComparison.Ordinal))
 {
- _logger.LogTrace($"'{MSAspNetCoreToken}' does not match the expected pairing token '{_pairingToken}', skipping {nameof(IISMiddleware)}.");
- await _next(httpContext);
+ _logger.LogError($"'{MSAspNetCoreToken}' does not match the expected pairing token '{_pairingToken}', request rejected.");
+ httpContext.Response.StatusCode = 400;
 return;
 }
diff --git a/test/Microsoft.AspNetCore.Server.IISIntegration.Tests/IISMiddlewareTests.cs b/test/Microsoft.AspNetCore.Server.IISIntegration.Tests/IISMiddlewareTests.cs
index d4155b8b55..be1aacf8b6 100644
--- a/test/Microsoft.AspNetCore.Server.IISIntegration.Tests/IISMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Server.IISIntegration.Tests/IISMiddlewareTests.cs
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 using System;
+using System.Net;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
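Review bot: The new `LogError` call in IISMiddleware.cs still interpolates `_pairingToken` into its message, so every rejected request writes the expected secret to the log. At `LogTrace` that text was rarely emitted, but error level is normally enabled in production. Anyone with read access to the logs then learns the value the check depends on. Drop the value from the message: `_logger.LogError($"'{MSAspNetCoreToken}' does not match the expected pairing token, request rejected.");`. The enclosing method starts before and continues after this hunk, so whether the token is logged elsewhere cannot be seen from here.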
@@ -38,12 +39,13 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
 var req = new HttpRequestMessage(HttpMethod.Get, "");
 req.Headers.TryAddWithoutValidation("MS-ASPNETCORE-TOKEN", "TestToken");
- await server.CreateClient().SendAsync(req);
+ var response = await server.CreateClient().SendAsync(req);
 Assert.True(assertsExecuted);
+ response.EnsureSuccessStatusCode();
 }
 [Fact]
- public async Task MiddlewareSkippedIfTokenHeaderIsMissing()
+ public async Task MiddlewareRejectsRequestIfTokenHeaderIsMissing()
 {
 var assertsExecuted = false;
@@ -65,8 +67,9 @@ namespace Microsoft.AspNetCore.Server.IISIntegration
 var server = new TestServer(builder);
 var req = new HttpRequestMessage(HttpMethod.Get, "");
- await server.CreateClient().SendAsync(req);
- Assert.True(assertsExecuted);
+ var response = await server.CreateClient().SendAsync(req);
+ Assert.False(assertsExecuted);
+ Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
 }
 [Fact]
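Review bot: Neither test hunk covers a request whose token header is present but wrong, which is the case the new rejection exists for. The hunk at -65,8 only exercises a missing header, and the one at -38,12 only the matching value `"TestToken"`. Add a third test that sends a constructed non-matching value, e.g. `req.Headers.TryAddWithoutValidation("MS-ASPNETCORE-TOKEN", "WrongToken");`, and asserts `Assert.False(assertsExecuted);` and `Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);`. Both test bodies start outside their hunks, so the configured token is inferred from the header value the first test sends.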