diff --git a/src/backend/src/CoreModule.js b/src/backend/src/CoreModule.js
index fc8b72ac..c2abefbc 100644
--- a/src/backend/src/CoreModule.js
+++ b/src/backend/src/CoreModule.js
@@ -112,6 +112,7 @@ const install = async ({ services, app, useapi, modapi }) => {
     const { DevConsoleService } = require('./services/DevConsoleService');
     const { RateLimitService } = require('./services/sla/RateLimitService');
     const { AuthService } = require('./services/auth/AuthService');
+    const { PreAuthService } = require("./services/auth/PreAuthService");
     const { SLAService } = require('./services/sla/SLAService');
     const { PermissionService } = require('./services/auth/PermissionService');
     const { ACLService } = require('./services/auth/ACLService');
@@ -222,6 +223,7 @@ const install = async ({ services, app, useapi, modapi }) => {
     })
     services.registerService('rate-limit', RateLimitService);
     services.registerService('auth', AuthService);
+    services.registerService('preauth', PreAuthService);
     services.registerService('permission', PermissionService);
     services.registerService('sla', SLAService);
     services.registerService('acl', ACLService);
diff --git a/src/backend/src/middleware/configurable_auth.js b/src/backend/src/middleware/configurable_auth.js
index c7b3ac68..7a55061c 100644
--- a/src/backend/src/middleware/configurable_auth.js
+++ b/src/backend/src/middleware/configurable_auth.js
@@ -42,6 +42,9 @@ const is_whoami = (req) => {
 const configurable_auth = options => async (req, res, next) => {
     const optional = options?.optional;
 
+    // Request might already have been authed (PreAuthService)
+    if ( req.actor ) next();
+
     // === Getting the Token ===
     // This step came from jwt_auth in src/helpers.js
     // However, since request-response handling is a concern of the
diff --git a/src/backend/src/modules/web/WebServerService.js b/src/backend/src/modules/web/WebServerService.js
index b8c57227..af84b239 100644
--- a/src/backend/src/modules/web/WebServerService.js
+++ b/src/backend/src/modules/web/WebServerService.js
@@ -64,6 +64,7 @@ class WebServerService extends BaseService {
     async ['__on_boot.consolidation'] () {
         const app = this.app;
         const services = this.services;
+        await services.emit('install.middlewares.early', { app });
         await services.emit('install.middlewares.context-aware', { app });
         this.install_post_middlewares_({ app });
         await services.emit('install.routes', {
@@ -81,7 +82,7 @@ class WebServerService extends BaseService {
 
             const event = {
                 req, res,
-                end: false,
+                end_: false,
                 end () {
                     this.end_ = true;
                 }
diff --git a/src/backend/src/services/auth/PreAuthService.js b/src/backend/src/services/auth/PreAuthService.js
new file mode 100644
index 00000000..d2d22725
--- /dev/null
+++ b/src/backend/src/services/auth/PreAuthService.js
@@ -0,0 +1,12 @@
+const configurable_auth = require("../../middleware/configurable_auth");
+const BaseService = require("../BaseService");
+
+class PreAuthService extends BaseService {
+    async ['__on_install.middlewares.early'] (_, { app }) {
+        app.use(configurable_auth({ optional: true }));
+    }
+}
+
+module.exports = {
+    PreAuthService,
+};