diff --git a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
index 718681ac3b..efe28763f1 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs
@@ -218,7 +218,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 public async Task GetRemainingTimeoutSeconds()
 {
 // force authentication to occur since this is not an authorized endpoint
- var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ var result = await this.AuthenticateBackOfficeAsync();
 if (!result.Succeeded)
 {
 return 0;
@@ -250,7 +250,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 public async Task IsAuthenticated()
 {
 // force authentication to occur since this is not an authorized endpoint
- var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ var result = await this.AuthenticateBackOfficeAsync();
 return result.Succeeded;
 }
@@ -572,7 +572,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 public async Task PostLogout()
 {
 // force authentication to occur since this is not an authorized endpoint
- var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ var result = await this.AuthenticateBackOfficeAsync();
 if (!result.Succeeded) return Ok();
 await _signInManager.SignOutAsync();
diff --git a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
index 59ace894b1..1ce0831502 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
@@ -104,7 +104,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 public async Task Default()
 {
 // force authentication to occur since this is not an authorized endpoint
- var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ var result = await this.AuthenticateBackOfficeAsync();
 var viewPath = Path.Combine(_globalSettings.UmbracoPath , Constants.Web.Mvc.BackOfficeArea, nameof(Default) + ".cshtml") .Replace("\\", "/"); // convert to forward slashes since it's a virtual path
@@ -119,7 +119,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 [AllowAnonymous]
 public async Task VerifyInvite(string invite)
 {
- var authenticate = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ var authenticate = await this.AuthenticateBackOfficeAsync();
 //if you are hitting VerifyInvite, you're already signed in as a different user, and the token is invalid
 //you'll exit on one of the return RedirectToAction(nameof(Default)) but you're still logged in so you just get
@@ -190,7 +190,7 @@ namespace Umbraco.Web.BackOffice.Controllers
 public async Task AuthorizeUpgrade()
 {
 // force authentication to occur since this is not an authorized endpoint
- var result = await HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ var result = await this.AuthenticateBackOfficeAsync();
 var viewPath = Path.Combine(_globalSettings.UmbracoPath, Constants.Web.Mvc.BackOfficeArea, nameof(AuthorizeUpgrade) + ".cshtml");
diff --git a/src/Umbraco.Web.Common/Extensions/ControllerExtensions.cs b/src/Umbraco.Web.Common/Extensions/ControllerExtensions.cs
index cc52349699..b5fa9f946c 100644
--- a/src/Umbraco.Web.Common/Extensions/ControllerExtensions.cs
+++ b/src/Umbraco.Web.Common/Extensions/ControllerExtensions.cs
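Review bot: `Default()` and `AuthorizeUpgrade()` in BackOfficeController.cs carry `result` past the end of their hunks with no `Succeeded` check in view, and `VerifyInvite` does the same with `authenticate`. The helper they now call returns `AuthenticateResult.NoResult()` when `HttpContext` is null, so any later read of the principal or ticket needs to be gated, e.g. `if (!result.Succeeded) { /* treat the request as anonymous */ }`. All three method bodies continue outside the hunks, so whether such a gate already exists cannot be confirmed from this page.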
@@ -1,10 +1,29 @@
 using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc;
+using Umbraco.Core;
 namespace Umbraco.Extensions
 {
 public static class ControllerExtensions
 {
+ ///
+ /// Runs the authentication process
+ ///
+ ///
+ ///
+ public static async Task AuthenticateBackOfficeAsync(this ControllerBase controller)
+ {
+ if (controller.HttpContext == null)
+ {
+ return AuthenticateResult.NoResult();
+ }
+
+ var result = await controller.HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);
+ return result;
+ }
+
 ///
 /// Return the controller name from the controller type
 ///
diff --git a/src/Umbraco.Web.Common/Install/InstallController.cs b/src/Umbraco.Web.Common/Install/InstallController.cs
index 5d8d3bf76f..1e8264a2fc 100644
--- a/src/Umbraco.Web.Common/Install/InstallController.cs
+++ b/src/Umbraco.Web.Common/Install/InstallController.cs
@@ -74,7 +74,7 @@ namespace Umbraco.Web.Common.Install
 // Update ClientDependency version and delete its temp directories to make sure we get fresh caches
 _runtimeMinifier.Reset();
- var authResult = await HttpContext.AuthenticateAsync(Core.Constants.Security.BackOfficeAuthenticationType);
+ var authResult = await this.AuthenticateBackOfficeAsync();
 if (!authResult.Succeeded)
 {
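Review bot: In ControllerExtensions.cs the doc comment on `AuthenticateBackOfficeAsync` has an empty parameter entry and an empty return entry (as rendered here), and it never mentions the early return of `AuthenticateResult.NoResult()` when `controller.HttpContext` is null. That branch is the security-relevant part of the contract, so I would document it, for example `/// Returns AuthenticateResult.NoResult() when the controller has no HttpContext; callers must check Succeeded before trusting the result.` The method also dereferences `controller` without a null check, and its last two statements can be written as `return await controller.HttpContext.AuthenticateAsync(Constants.Security.BackOfficeAuthenticationType);`.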