diff --git a/htdocs/api/class/api_login.class.php b/htdocs/api/class/api_login.class.php
index 2bf464f7296..080dca889b5 100644
--- a/htdocs/api/class/api_login.class.php
+++ b/htdocs/api/class/api_login.class.php
@@ -63,6 +63,8 @@ class Login
 		// Authentication mode
 		if (empty($dolibarr_main_authentication))
 			$dolibarr_main_authentication = 'http,dolibarr';
+		$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
+
 		// Authentication mode: forceuser
 		if ($dolibarr_main_authentication == 'forceuser')
 		{
diff --git a/htdocs/dav/fileserver.php b/htdocs/dav/fileserver.php
index 4e99cf92613..05dc3978be9 100644
--- a/htdocs/dav/fileserver.php
+++ b/htdocs/dav/fileserver.php
@@ -81,6 +81,19 @@ $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function ($username, $p
 	// Authentication mode
 	if (empty($dolibarr_main_authentication))
 		$dolibarr_main_authentication='http,dolibarr';
+	$dolibarr_main_authentication = preg_replace('/twofactor/', 'dolibarr', $dolibarr_main_authentication);
+
+	// Authentication mode: forceuser
+	if ($dolibarr_main_authentication == 'forceuser')
+	{
+		if (empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
+		if ($dolibarr_auto_user != $username)
+		{
+			dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. DAV usage is forbidden in this mode.");
+			return false;
+		}
+	}
+
 	$authmode = explode(',', $dolibarr_main_authentication);
 	$entity = (GETPOST('entity', 'int') ? GETPOST('entity', 'int') : (!empty($conf->entity) ? $conf->entity : 1));