diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
index 50c5b5b79e..7d53e886f7 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -19,6 +19,11 @@ namespace Emby.Server.Implementations.HttpServer.Security
         public AuthorizationInfo Authenticate(HttpRequest request)
         {
             var auth = _authorizationContext.GetAuthorizationInfo(request);
+            if (auth == null)
+            {
+                throw new SecurityException("Unauthenticated request.");
+            }
+
             if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
             {
                 throw new SecurityException("User account has been disabled.");
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
index c7666452c2..1f647b78bc 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
@@ -114,7 +114,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
             if (string.IsNullOrWhiteSpace(token))
             {
                 // Request doesn't contain a token.
-                throw new SecurityException("Unauthorized.");
+                return (null, null);
             }
 
             var result = _authRepo.Get(new AuthenticationInfoQuery