2 files changed, 15 insertions, 14 deletions
diff --git a/Emby.Server.Implementations/Session/HttpSessionController.cs b/Emby.Server.Implementations/Session/HttpSessionController.cs
index 1104a7a85..dfb81816c 100644
--- a/Emby.Server.Implementations/Session/HttpSessionController.cs
+++ b/Emby.Server.Implementations/Session/HttpSessionController.cs
@@ -105,7 +105,7 @@ namespace Emby.Server.Implementations.Session
             return SendMessage(command.Command.ToString(), messageId, args, cancellationToken);
         }
 
-        private string[] _supportedMessages = new string[] { };
+        private string[] _supportedMessages = Array.Empty<string>();
         public Task SendMessage<T>(string name, string messageId, T data, ISessionController[] allControllers, CancellationToken cancellationToken)
         {
             if (!IsSessionActive)
diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index 61329160a..d1392e162 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1388,27 +1388,28 @@ namespace Emby.Server.Implementations.Session
             if (user != null)
             {
                 // TODO: Move this to userManager?
-                if (!string.IsNullOrEmpty(request.DeviceId))
+                if (!string.IsNullOrEmpty(request.DeviceId)
+                    && !_deviceManager.CanAccessDevice(user, request.DeviceId))
                 {
-                    if (!_deviceManager.CanAccessDevice(user, request.DeviceId))
-                    {
-                        throw new SecurityException("User is not allowed access from this device.");
-                    }
+                    throw new SecurityException("User is not allowed access from this device.");
                 }
             }
 
             if (enforcePassword)
             {
-                var result = await _userManager.AuthenticateUser(request.Username, request.Password, request.PasswordSha1, request.RemoteEndPoint, true).ConfigureAwait(false);
-
-                if (result == null)
-                {
-                    AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
+                user = await _userManager.AuthenticateUser(
+                    request.Username,
+                    request.Password,
+                    request.PasswordSha1,
+                    request.RemoteEndPoint,
+                    true).ConfigureAwait(false);
+            }
 
-                    throw new SecurityException("Invalid user or password entered.");
-                }
+            if (user == null)
+            {
+                AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
 
-                user = result;
+                throw new SecurityException("Invalid user or password entered.");
             }
 
             var token = GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName);