--- services.runtime.inc.orig	2011-08-05 12:36:32.616806470 +1000
+++ services.runtime.inc	2011-08-05 12:46:39.997147301 +1000
@@ -109,14 +109,17 @@
   services_set_server_info('original_user', $original_user);
 
   // Check authentication
+  $authentication = array();
+
   if (!isset($options['skip_authentication']) || !$options['skip_authentication']) {
     $endpoint_name = services_get_server_info('endpoint');
     $endpoint = services_endpoint_load($endpoint_name);
-
-    foreach ($endpoint->authentication as $auth_module => $settings) {
-      if (isset($settings) && $auth_error = services_auth_invoke($auth_module, 'authenticate_call', $settings, $controller, $args)) {
-        return services_error($auth_error, 401);
-      }
+    $authentication += $endpoint->authentication;
+  }
+  
+  foreach ($authentication as $auth_module => $settings) {
+    if (isset($settings) && $auth_error = services_auth_invoke($auth_module, 'authenticate_call', $settings, $controller, $args)) {
+      return services_error($auth_error, 401);
     }
   }
 
@@ -172,6 +175,12 @@
       $result = call_user_func_array($callable, array($args, $controller, $result));
     }
   }
+
+  foreach ($authentication as $auth_module => $settings) {
+    if (isset($settings)) {
+      services_auth_invoke($auth_module, 'deauthenticate_call', $settings, $controller, $args);
+    }
+  }
   
   if (drupal_save_session($user) === FALSE) {
     $user = $original_user;