diff --git a/lib/redmine_dmsf/webdav/resource_proxy.rb b/lib/redmine_dmsf/webdav/resource_proxy.rb
index 0e0c1260..b433b78b 100644
--- a/lib/redmine_dmsf/webdav/resource_proxy.rb
+++ b/lib/redmine_dmsf/webdav/resource_proxy.rb
@@ -45,19 +45,21 @@ module RedmineDmsf end def authenticate(username, password) - # Bugfix: Current DAV4Rack (including production) authenticate against ALL requests - # Microsoft Web Client will not attempt any authentication (it'd seem) until it's acknowledged - # a completed OPTIONS request. Ideally this is a flaw with the controller, however as I'm not - # going to fork it to ensure compliance, checking the request method in the authentication - # seems the next best step, if the request method is OPTIONS return true, controller will simply - # call the options method within, which accesses nothing, just returns headers about dav env. - return true if @request.request_method.downcase == 'options' && (path == '/' || path.empty?) - - # Allow anonymous OPTIONS requests from MsOffice - return true if @request.request_method.downcase == 'options' && !@request.user_agent.nil? && @request.user_agent.downcase.include?('microsoft office') - # Allow anonymous HEAD requests from MsOffice - return true if @request.request_method.downcase == 'head' && !@request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office') + unless username && password + # Bugfix: Current DAV4Rack (including production) authenticate against ALL requests + # Microsoft Web Client will not attempt any authentication (it'd seem) until it's acknowledged + # a completed OPTIONS request. Ideally this is a flaw with the controller, however as I'm not + # going to fork it to ensure compliance, checking the request method in the authentication + # seems the next best step, if the request method is OPTIONS return true, controller will simply + # call the options method within, which accesses nothing, just returns headers about dav env. + return true if @request.request_method.downcase == 'options' && (path == '/' || path.empty?) + # Allow anonymous OPTIONS requests from MsOffice + return true if @request.request_method.downcase == 'options' && !@request.user_agent.nil? 
&& @request.user_agent.downcase.include?('microsoft office') + # Allow anonymous HEAD requests from MsOffice + return true if @request.request_method.downcase == 'head' && !@request.user_agent.nil? && request.user_agent.downcase.include?('microsoft office') + end + return false unless username && password User.current = User.try_to_login(username, password) return User.current && !User.current.anonymous?
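Review bot: The two MsOffice branches inside the new `unless username && password` block return true on the strength of the User-Agent header alone, which the client controls, so any unauthenticated request carrying a matching header passes `authenticate` for OPTIONS and HEAD on every path, not only `/`. Whether the HEAD handler then reveals the existence, size or modification time of protected files is not visible in this hunk; if it performs no permission check of its own, the HEAD exemption should be narrowed, or the assumption at least recorded with a comment such as `# User-Agent is client-supplied: OPTIONS/HEAD handlers must not reveal protected metadata to anonymous callers`. The HEAD line also nil-checks `@request.user_agent` but then reads `request.user_agent`; using `@request.user_agent.downcase.include?('microsoft office')` as the OPTIONS line does keeps the check and the lookup on the same object. The body of `authenticate` continues past the end of the hunk.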