diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index b87ca3a114..80079ae6c0 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1393,6 +1393,13 @@ namespace Emby.Server.Implementations.Session
                 }
             }
 
+            if (user == null)
+            {
+                AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
+
+                throw new SecurityException("Invalid user or password entered.");
+            }
+
             if (enforcePassword)
             {
                 user = await _userManager.AuthenticateUser(
@@ -1403,13 +1410,6 @@ namespace Emby.Server.Implementations.Session
                     true).ConfigureAwait(false);
             }
 
-            if (user == null)
-            {
-                AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
-
-                throw new SecurityException("Invalid user or password entered.");
-            }
-
             var token = GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName);
 
             var session = LogSessionActivity(