diff --git a/OpenRA.Game/Server/Server.cs b/OpenRA.Game/Server/Server.cs
index 2695cf9547..e3dcd8c5f8 100644
--- a/OpenRA.Game/Server/Server.cs
+++ b/OpenRA.Game/Server/Server.cs
@@ -476,11 +476,25 @@ namespace OpenRA.Server
 
 						delayedActions.Add(() =>
 						{
-							if (Dedicated && Settings.RequireAuthIDs.Any() &&
-								(profile == null || !Settings.RequireAuthIDs.Contains(profile.ProfileID)))
+							var notAuthenticated = Dedicated && profile == null && (Settings.RequireAuthentication || Settings.ProfileIDWhitelist.Any());
+							var blacklisted = Dedicated && profile != null && Settings.ProfileIDBlacklist.Contains(profile.ProfileID);
+							var notWhitelisted = Dedicated && Settings.ProfileIDWhitelist.Any() &&
+								(profile == null || !Settings.ProfileIDWhitelist.Contains(profile.ProfileID));
+
+							if (notAuthenticated)
 							{
-								Log.Write("server", "Rejected connection from {0}; Not in server whitelist.", newConn.Socket.RemoteEndPoint);
-								SendOrderTo(newConn, "ServerError", "You are not authenticated for this server");
+								Log.Write("server", "Rejected connection from {0}; Not authenticated.", newConn.Socket.RemoteEndPoint);
+								SendOrderTo(newConn, "ServerError", "Server requires players to have an OpenRA forum account");
+								DropClient(newConn);
+							}
+							else if (blacklisted || notWhitelisted)
+							{
+								if (blacklisted)
+									Log.Write("server", "Rejected connection from {0}; In server blacklist.", newConn.Socket.RemoteEndPoint);
+								else
+									Log.Write("server", "Rejected connection from {0}; Not in server whitelist.", newConn.Socket.RemoteEndPoint);
+
+								SendOrderTo(newConn, "ServerError", "You do not have permission to join this server");
 								DropClient(newConn);
 							}
 							else
@@ -494,10 +508,10 @@ namespace OpenRA.Server
 				}
 				else
 				{
-					if (Dedicated && Settings.RequireAuthIDs.Any())
+					if (Dedicated && (Settings.RequireAuthentication || Settings.ProfileIDWhitelist.Any()))
 					{
-						Log.Write("server", "Rejected connection from {0}; Not authenticated and whitelist is set.", newConn.Socket.RemoteEndPoint);
-						SendOrderTo(newConn, "ServerError", "You are not authenticated for this server");
+						Log.Write("server", "Rejected connection from {0}; Not authenticated.", newConn.Socket.RemoteEndPoint);
+						SendOrderTo(newConn, "ServerError", "Server requires players to have an OpenRA forum account");
 						DropClient(newConn);
 					}
 					else
diff --git a/OpenRA.Game/Settings.cs b/OpenRA.Game/Settings.cs
index 924367f04e..40bae6633c 100644
--- a/OpenRA.Game/Settings.cs
+++ b/OpenRA.Game/Settings.cs
@@ -59,8 +59,14 @@ namespace OpenRA
 		[Desc("Takes a comma separated list of IP addresses that are not allowed to join.")]
 		public string[] Ban = { };
 
-		[Desc("If non-empty, only allow authenticated players with these user IDs to join.")]
-		public int[] RequireAuthIDs = { };
+		[Desc("For dedicated servers only, allow anonymous clients to join.")]
+		public bool RequireAuthentication = false;
+
+		[Desc("For dedicated servers only, if non-empty, only allow authenticated players with these profile IDs to join.")]
+		public int[] ProfileIDWhitelist = { };
+
+		[Desc("For dedicated servers only, if non-empty, always reject players with these user IDs from joining.")]
+		public int[] ProfileIDBlacklist = { };
 
 		[Desc("For dedicated servers only, controls whether a game can be started with just one human player in the lobby.")]
 		public bool EnableSingleplayer = false;