diff --git a/bootstrap/setting.go b/bootstrap/setting.go
index c0bd2b15..9f2a9bb1 100644
--- a/bootstrap/setting.go
+++ b/bootstrap/setting.go
@@ -141,6 +141,20 @@ func InitSettings() {
 			Description: "check down link password, your link will be 'https://alist.com/d/filename?pw=xxx'",
 			Group:       model.PUBLIC,
 		},
+		{
+			Key:         "WebDAV username",
+			Value:       "alist",
+			Description: "WebDAV username",
+			Type:        "string",
+			Group:       model.PRIVATE,
+		},
+		{
+			Key:         "WebDAV password",
+			Value:       "alist",
+			Description: "WebDAV password",
+			Type:        "string",
+			Group:       model.PRIVATE,
+		},
 	}
 	for _, v := range settings {
 		_, err := model.GetSettingByKey(v.Key)
diff --git a/conf/var.go b/conf/var.go
index f672d8a0..de8df8dc 100644
--- a/conf/var.go
+++ b/conf/var.go
@@ -45,4 +45,7 @@ var (
 	//CustomizeScript string
 	//Favicon         string
 	CheckDown bool
+
+	DavUsername string
+	DavPassword string
 )
diff --git a/model/setting.go b/model/setting.go
index b42132ae..ae354c02 100644
--- a/model/setting.go
+++ b/model/setting.go
@@ -85,4 +85,13 @@ func LoadSettings() {
 		//conf.CustomizeStyle = customizeScript.Value
 		conf.IndexHtml = strings.Replace(conf.IndexHtml, "// customize-js", customizeScript.Value, 1)
 	}
+
+	davUsername, err := GetSettingByKey("WebDAV username")
+	if err == nil {
+		conf.DavUsername = davUsername.Value
+	}
+	davPassword, err := GetSettingByKey("WebDAV password")
+	if err == nil {
+		conf.DavPassword = davPassword.Value
+	}
 }
diff --git a/server/webdav.go b/server/webdav.go
index 2d897ab1..bf24f508 100644
--- a/server/webdav.go
+++ b/server/webdav.go
@@ -1,8 +1,10 @@
 package server
 
 import (
+	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/server/webdav"
 	"github.com/gin-gonic/gin"
+	"net/http"
 )
 
 var handler *webdav.Handler
@@ -16,6 +18,7 @@ func init() {
 
 func WebDav(r *gin.Engine) {
 	dav := r.Group("/dav")
+	dav.Use(WebDAVAuth)
 	dav.Any("/*path", ServeWebDAV)
 	dav.Any("", ServeWebDAV)
 	dav.Handle("PROPFIND", "/*path", ServeWebDAV)
@@ -31,4 +34,27 @@ func WebDav(r *gin.Engine) {
 func ServeWebDAV(c *gin.Context) {
 	fs := webdav.FileSystem{}
 	handler.ServeHTTP(c.Writer,c.Request,&fs)
+}
+
+func WebDAVAuth(c *gin.Context) {
+	if c.Request.Method == "OPTIONS" {
+		c.Next()
+		return
+	}
+	username, password, ok := c.Request.BasicAuth()
+	if !ok {
+		c.Writer.Header()["WWW-Authenticate"] = []string{`Basic realm="alist"`}
+		c.Status(http.StatusUnauthorized)
+		c.Abort()
+		return
+	}
+	if conf.DavUsername != "" && conf.DavUsername != username {
+		c.Status(http.StatusUnauthorized)
+		c.Abort()
+	}
+	if conf.DavPassword != "" && conf.DavPassword != password {
+		c.Status(http.StatusUnauthorized)
+		c.Abort()
+	}
+	c.Next()
 }
\ No newline at end of file