diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/DummyAuthenticationService.java b/authentication/source/java/ch/systemsx/cisd/authentication/DummyAuthenticationService.java
index 0d499ce85b46b9dd5eaf548984a98f3f17edfdb6..ba3ffe74cac9fb5363674ca44fabf75b2cbf007a 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/DummyAuthenticationService.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/DummyAuthenticationService.java
@@ -74,6 +74,13 @@ public final class DummyAuthenticationService implements IAuthenticationService
         return principal;
     }
 
+    public Principal tryGetAndAuthenticateUserByEmail(String applicationToken, String email, String passwordOrNull)
+    {
+        final Principal principal = getPrincipal(applicationToken, email);
+        principal.setAuthenticated(true);
+        return principal;
+    }
+
     public boolean isRemote()
     {
         return false;
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/IAuthenticationService.java b/authentication/source/java/ch/systemsx/cisd/authentication/IAuthenticationService.java
index da84e96632a893469a40ec067aae50d5f149317b..4c1bc8873b1cdc7a46480d77a0717a0ebf2cca5d 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/IAuthenticationService.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/IAuthenticationService.java
@@ -80,8 +80,7 @@ public interface IAuthenticationService extends ISelfTestable
      * </p>
      * 
      * @return The <code>Principal</code> object for the given <var>user</var>.
-     * @throws IllegalArgumentException If either the <var>applicationToken</var> is invalid or the
-     *             <var>user</var> cannot be found.
+     * @throws IllegalArgumentException If the <var>user</var> cannot be found.
      */
     public Principal getPrincipal(String applicationToken, String user)
             throws IllegalArgumentException;
@@ -100,7 +99,6 @@ public interface IAuthenticationService extends ISelfTestable
      *            <code>*</code>).
      * @throws UnsupportedOperationException if this authentication service does not support this
      *             operation.
-     * @throws IllegalArgumentException If the <var>applicationToken</var> is invalid.
      */
     public List<Principal> listPrincipalsByUserId(String applicationToken, String userIdQuery)
             throws IllegalArgumentException;
@@ -111,6 +109,29 @@ public interface IAuthenticationService extends ISelfTestable
      */
     public boolean supportsListingByEmail();
 
+    /**
+     * Returns the user details for the given <var>email</var>, optionally trying to authenticating
+     * the user with the given <var>passwordOrNull</var>.
+     * <p>
+     * <b>Note: if multiple users with this email address exist in the authentication repository,
+     * the first one regarding an arbitrary (repository determined) order will be returned.</b>
+     * 
+     * @param applicationToken The token to authenticate the application towards the authentication
+     *            system.
+     * @param email The email of the user to get the details for.
+     * @param passwordOrNull The password to use for the authentication request. If
+     *            <code>null</code>, the user will not be authenticated.
+     * @return The Principal object, if a user with this <var>email</var> exist, <code>null</code>
+     *         otherwise. You can check with {@link Principal#isAuthenticated()} or
+     *         {@link Principal#isAuthenticated(Principal)} whether the authentication request has
+     *         been successful.
+     * @throws UnsupportedOperationException if this authentication service does not support this
+     *             operation.
+     * @throws IllegalArgumentException If the <var>applicationToken</var> is invalid.
+     */
+    public Principal tryGetAndAuthenticateUserByEmail(String applicationToken, String email,
+            String passwordOrNull);
+
     /**
      * Returns a list of all users that match the <var>emailQuery</var>.
      * 
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/NullAuthenticationService.java b/authentication/source/java/ch/systemsx/cisd/authentication/NullAuthenticationService.java
index 963f6a6e8ee1e2da1793b4c42e5caa2b4b6296a8..ad7dcf25e8553e804eda79a41825e91da779e20e 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/NullAuthenticationService.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/NullAuthenticationService.java
@@ -45,6 +45,11 @@ public class NullAuthenticationService implements IAuthenticationService
         throw new UnsupportedOperationException();
     }
 
+    public Principal tryGetAndAuthenticateUserByEmail(String applicationToken, String email, String passwordOrNull)
+    {
+        throw new UnsupportedOperationException();
+    }
+
     public Principal getPrincipal(String applicationToken, String user)
     {
         throw new UnsupportedOperationException();
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/crowd/CrowdAuthenticationService.java b/authentication/source/java/ch/systemsx/cisd/authentication/crowd/CrowdAuthenticationService.java
index fad13846d892ecca5e2b739c4d569f724287cfda..1748512854d6cdecfc32a7ff005f794c776e20d7 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/crowd/CrowdAuthenticationService.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/crowd/CrowdAuthenticationService.java
@@ -448,6 +448,11 @@ public class CrowdAuthenticationService implements IAuthenticationService
         throw new UnsupportedOperationException();
     }
 
+    public Principal tryGetAndAuthenticateUserByEmail(String applicationToken, String email, String passwordOrNull)
+    {
+        throw new UnsupportedOperationException();
+    }
+
     public List<Principal> listPrincipalsByLastName(String applicationToken, String lastNameQuery)
     {
         throw new UnsupportedOperationException();
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/file/FileAuthenticationService.java b/authentication/source/java/ch/systemsx/cisd/authentication/file/FileAuthenticationService.java
index ebf91abe3aaba606c519e4ca2693e13e8baf9122..a173e1f87bafb193a4f446a799e2ec04c9babe60 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/file/FileAuthenticationService.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/file/FileAuthenticationService.java
@@ -130,6 +130,11 @@ public class FileAuthenticationService implements IAuthenticationService
         return principalOrNull;
     }
 
+    public Principal tryGetAndAuthenticateUserByEmail(String applicationToken, String email, String passwordOrNull)
+    {
+        throw new UnsupportedOperationException();
+    }
+
     public List<Principal> listPrincipalsByEmail(String applicationToken, String emailQuery)
     {
         throw new UnsupportedOperationException();
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPAuthenticationService.java b/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPAuthenticationService.java
index c4962e10ea5d443a53f079f78c74f47cc7d5a81d..75f95dbe0de8e447a791a07c7d19e3bd18f31068 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPAuthenticationService.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPAuthenticationService.java
@@ -71,6 +71,11 @@ public class LDAPAuthenticationService implements IAuthenticationService
         return query.listPrincipalsByEmail(emailQuery);
     }
 
+    public Principal tryGetAndAuthenticateUserByEmail(String applicationToken, String email, String passwordOrNull)
+    {
+        return query.tryGetAndAuthenticatePrincipalByEmail(email, passwordOrNull);
+    }
+
     public List<Principal> listPrincipalsByLastName(String applicationToken, String lastNameQuery)
     {
         return query.listPrincipalsByLastName(lastNameQuery);
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPPrincipalQuery.java b/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPPrincipalQuery.java
index 02dd907523ed11efa0f080df50b6e04035b845e1..3396beb0bbd5f791ba93551c03206e5382e72f0d 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPPrincipalQuery.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPPrincipalQuery.java
@@ -180,6 +180,23 @@ public final class LDAPPrincipalQuery implements ISelfTestable
         {
             return null;
         }
+        authenticatePrincipal(principal, passwordOrNull);
+        return principal;
+    }
+
+    public Principal tryGetAndAuthenticatePrincipalByEmail(String email, String passwordOrNull)
+    {
+        final Principal principal = tryGetPrincipalByEmail(email);
+        if (principal == null)
+        {
+            return null;
+        }
+        authenticatePrincipal(principal, passwordOrNull);
+        return principal;
+    }
+
+    private void authenticatePrincipal(final Principal principal, String passwordOrNull)
+    {
         final String distinguishedName = principal.getProperty(DISTINGUISHED_NAME_ATTRIBUTE_NAME);
         final boolean authenticated =
                 (passwordOrNull == null) ? false : authenticateUserByDistinguishedName(
@@ -187,10 +204,9 @@ public final class LDAPPrincipalQuery implements ISelfTestable
         principal.setAuthenticated(authenticated);
         if (operationLog.isDebugEnabled() && passwordOrNull != null)
         {
-            operationLog.debug(String.format(LOGIN_DN_MSG_TEMPLATE, userId, distinguishedName,
-                    getStatus(authenticated)));
+            operationLog.debug(String.format(LOGIN_DN_MSG_TEMPLATE, principal.getUserId(),
+                    distinguishedName, getStatus(authenticated)));
         }
-        return principal;
     }
 
     private String getStatus(final boolean status)
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/stacked/StackedAuthenticationService.java b/authentication/source/java/ch/systemsx/cisd/authentication/stacked/StackedAuthenticationService.java
index 88d0460446bc79b471777b77e540899a1c0dfbcd..3c93b2053527f991520593094b6f6f4e483eecab 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/stacked/StackedAuthenticationService.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/stacked/StackedAuthenticationService.java
@@ -120,6 +120,23 @@ public class StackedAuthenticationService implements IAuthenticationService
         return null;
     }
 
+    public Principal tryGetAndAuthenticateUserByEmail(String applicationToken, String email, String passwordOrNull)
+    {
+        checkAuthenticatedApplication();
+        int i = 0;
+        for (IAuthenticationService service : delegates)
+        {
+            final String token = tokens.get(i);
+            final Principal principal = service.tryGetAndAuthenticateUserByEmail(token, email, passwordOrNull);
+            if (principal != null)
+            {
+                return principal;
+            }
+            ++i;
+        }
+        return null;
+    }
+
     public List<Principal> listPrincipalsByEmail(String applicationToken, String emailQuery)
     {
         if (supportsListingByEmail == false)