diff --git a/config/install/shield.settings.yml b/config/install/shield.settings.yml index 676cffb..5bff9b9 100644 --- a/config/install/shield.settings.yml +++ b/config/install/shield.settings.yml @@ -1,3 +1,4 @@ +credentials_type: 'user' user: '' pass: '' # For real security, remove [user] and [pass]. diff --git a/src/Form/ShieldSettingsForm.php b/src/Form/ShieldSettingsForm.php index 2291bcc..a5bf29d 100644 --- a/src/Form/ShieldSettingsForm.php +++ b/src/Form/ShieldSettingsForm.php @@ -53,17 +53,36 @@ class ShieldSettingsForm extends ConfigFormBase { '#title' => $this->t('Credentials'), ); + $form['credentials']['credentials_type'] = array( + '#type' => 'select', + '#title' => $this->t('Credentials type'), + '#options' => array( + 'user' => $this->t('Use drupal user\'s credentials'), + 'custom' => $this->t('Use custom credentials'), + ), + ); + $form['credentials']['shield_user'] = array( '#type' => 'textfield', '#title' => $this->t('User'), '#default_value' => $shield_config->get('user'), '#description' => $this->t('Live it blank to disable authentication.'), + '#states' => array( + 'visible' => array( + 'select[name="credentials_type"]' => array('value' => 'custom'), + ), + ), ); $form['credentials']['shield_pass'] = array( '#type' => 'textfield', '#title' => $this->t('Password'), '#default_value' => $shield_config->get('pass'), + '#states' => array( + 'visible' => array( + 'select[name="credentials_type"]' => array('value' => 'custom'), + ), + ), ); $form['shield_print'] = array( @@ -90,6 +109,7 @@ class ShieldSettingsForm extends ConfigFormBase { $this->config('shield.settings') ->set('allow_cli', $form_state->getValue('shield_allow_cli')) + ->set('credentials_type', $form_state->getValue('credentials_type')) ->set('user', $form_state->getValue('shield_user')) ->set('pass', $form_state->getValue('shield_pass')) ->set('print', $form_state->getValue('shield_print')) diff --git a/src/ShieldMiddleware.php b/src/ShieldMiddleware.php index c711f9b..a77a8be 100644 
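Review bot: The new `credentials_type` select in the `@@ -53,17 +53,36 @@` hunk has no `'#default_value'`, so the form always opens on the first option (`user`). Saving the form for any other reason would then switch a site configured for custom credentials over to Drupal-account mode, which changes who can pass the shield; add `'#default_value' => $shield_config->get('credentials_type'),`. The context description on `shield_user` ("Live it blank to disable authentication.") now holds only in custom mode, as far as the middleware change in this commit shows, and "Live" should read "Leave". The form-building method starts and ends outside the hunk.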
--- a/src/ShieldMiddleware.php +++ b/src/ShieldMiddleware.php @@ -4,6 +4,7 @@ namespace Drupal\shield; use Drupal\Component\Utility\Crypt; use Drupal\Core\Config\ConfigFactoryInterface; +use Drupal\user\UserAuth; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\HttpKernelInterface; @@ -48,8 +49,9 @@ class ShieldMiddleware implements HttpKernelInterface { $allow_cli = $config->get('allow_cli'); $user = $config->get('user'); $pass = $config->get('pass'); + $credentialsType = $config->get('credentials_type'); - if ($type != self::MASTER_REQUEST || !$user || (PHP_SAPI === 'cli' && $allow_cli)) { + if ($type != self::MASTER_REQUEST || ($credentialsType === 'custom' && !$user) || (PHP_SAPI === 'cli' && $allow_cli)) { // Bypass: // 1. Subrequests // 2. Empty username @@ -68,7 +70,13 @@ class ShieldMiddleware implements HttpKernelInterface { list($input_user, $input_pass) = explode(':', base64_decode(substr($request->server->get('REDIRECT_HTTP_AUTHORIZATION'), 6)), 2); } - if (isset($input_user) && $input_user === $user && Crypt::hashEquals($pass, $input_pass)) { + if ($credentialsType === 'user') { + /** @var UserAuth $userAuth */ + $userAuth = \Drupal::service('user.auth'); + if ($userAuth->authenticate($input_user, $input_pass)) { + return $this->httpKernel->handle($request, $type, $catch); + } + } elseif (isset($input_user) && $input_user === $user && Crypt::hashEquals($pass, $input_pass)) { return $this->httpKernel->handle($request, $type, $catch); } }
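Review bot: In the `@@ -48,8 +49,9 @@` hunk, `$config->get('credentials_type')` will presumably be NULL on sites that already have `shield.settings` stored, since the only place the commit adds the key is `config/install` and no update hook is visible. With NULL the new `($credentialsType === 'custom' && !$user)` test never bypasses, so a site that had the shield switched off with an empty user would start answering 401 after the update, with the fallback comparison running against empty stored credentials. Either ship an update hook that sets the key to `'custom'` on existing installs, or treat a missing value as custom: `$credentialsType = $config->get('credentials_type') ?: 'custom';`. The `// 2. Empty username` comment should also say that it applies to custom credentials only. The enclosing method starts and ends outside the hunk.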
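Review bot: In the `@@ -68,7 +70,13 @@` hunk the new `'user'` branch calls `authenticate($input_user, $input_pass)` without the `isset($input_user)` guard the old condition had, so a request that carries no Authorization header appears to read undefined variables; use `if (isset($input_user, $input_pass) && $userAuth->authenticate($input_user, $input_pass))`. The branch also turns every shielded request into a password check against real Drupal accounts with no flood control visible here, and as far as I know `UserAuth::authenticate()` verifies only name and password, not whether the account is blocked or holds any particular permission. Core's basic_auth provider wraps the same call in flood and account-status checks, and this path should do the same, ideally gated on a dedicated permission. Fetching the service through `\Drupal::service('user.auth')` inside the middleware is better replaced by constructor injection typed against `UserAuthInterface`, which would also make the concrete `use Drupal\user\UserAuth;` import unnecessary. The method body continues outside the hunk.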