diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index 34ffceebd2..b1d513dd4f 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1389,6 +1389,12 @@ namespace Emby.Server.Implementations.Session
                 }
             }
 
+            if (user == null)
+            {
+                AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
+                throw new SecurityException("Invalid user or password entered.");
+            }
+
             if (enforcePassword)
             {
                 user = await _userManager.AuthenticateUser(
@@ -1399,13 +1405,6 @@ namespace Emby.Server.Implementations.Session
                     true).ConfigureAwait(false);
             }
 
-            if (user == null)
-            {
-                AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
-
-                throw new SecurityException("Invalid user or password entered.");
-            }
-
             var token = GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName);
 
             var session = LogSessionActivity(