diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b8a02d2a5..559acd6df 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,6 +7,14 @@ class ApplicationController < ActionController::Base
 before_action :set_raven_context
 before_action :authorize_request_for_profiler
 
+ before_action :staging_authenticate
+
+ def staging_authenticate
+ if StagingAuthService.enabled? && !authenticate_with_http_basic { |username, password| StagingAuthService.authenticate(username, password) }
+ request_http_basic_authentication
+ end
+ end
+
 def authorize_request_for_profiler
 if administration_signed_in?
 Rack::MiniProfiler.authorize_request
diff --git a/app/services/staging_auth_service.rb b/app/services/staging_auth_service.rb
new file mode 100644
index 000000000..79d94310c
--- /dev/null
+++ b/app/services/staging_auth_service.rb
@@ -0,0 +1,23 @@
+class StagingAuthService
+ CONFIG_PATH = Rails.root.join("/config/basic_auth.yml")
+
+ def self.authenticate(username, password)
+ if enabled?
+ username == config[:username] && password == config[:password]
+ else
+ true
+ end
+ end
+
+ def self.enabled?
+ !!config[:enabled]
+ end
+
+ def self.config
+ if File.exists?(CONFIG_PATH)
+ YAML.safe_load(File.read(CONFIG_PATH)).symbolize_keys
+ else
+ {}
+ end
+ end
+end
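Review bot: `before_action :staging_authenticate` is registered after `set_raven_context` and `authorize_request_for_profiler`, so those callbacks (and any declared above the hunk) run before the staging gate has challenged the request. If the gate is meant to wall off the whole staging site it should run first, e.g. `prepend_before_action :staging_authenticate` or moving the line to the top of the callback list. It also only covers controllers that inherit from ApplicationController, so mounted engines or controllers with another base class, if the app has any, would stay reachable; a Rack-level check may be the better place, which is worth confirming. The class body continues outside the hunk.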
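Review bot: `Rails.root.join("/config/basic_auth.yml")` passes an absolute path, and `Pathname#join` then returns `/config/basic_auth.yml` at the filesystem root rather than a path under the app, so the file will normally not be found, `config` returns `{}` and the gate is silently off. Use `CONFIG_PATH = Rails.root.join("config", "basic_auth.yml")`, and consider logging or failing when the file is missing in the staging environment instead of treating it as disabled. The credential check in `authenticate` uses `==`, which is not constant-time; `ActiveSupport::SecurityUtils.secure_compare(username, config[:username].to_s) & ActiveSupport::SecurityUtils.secure_compare(password, config[:password].to_s)` avoids that. `File.exists?` is deprecated (removed in Ruby 3.2) in favour of `File.exist?`, and `config` re-reads and parses the YAML on every call, several times per request, so memoizing it would help.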