diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
index d4f145b92..efd06353d 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@@ -51,8 +51,10 @@ class ApiControllerBase extends Controller
      */
     public function beforeExecuteRoute($dispatcher)
     {
-
-        //$auth = $this->session->get('auth');
+        // use authentication of legacy OPNsense.
+        if ($this->session->has("Logged_In") == false) {
+            $this->response->redirect("/", true);
+        }
     }
 
         /**
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
index 0a810a802..9db353b7f 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@@ -66,6 +66,10 @@ class ControllerBase extends Controller
      */
     public function beforeExecuteRoute($dispatcher)
     {
+        // use authentication of legacy OPNsense.
+        if ($this->session->has("Logged_In") == false) {
+            $this->response->redirect("/", true);
+        }
         // Execute before every found action
         $this->view->setVar('lang', $this->getTranslator());
     }