diff --git a/lib/access-context.js b/lib/access-context.js
index 0040020c..4afb2bb0 100644
--- a/lib/access-context.js
+++ b/lib/access-context.js
@@ -80,17 +80,16 @@ function AccessContext(context) {
 var principalType = context.principalType || Principal.USER;
 var principalId = context.principalId || undefined;
 var principalName = context.principalName || undefined;
-
- if (principalId) {
+ if (principalId != null) {
 this.addPrincipal(principalType, principalId, principalName);
 }
 var token = this.accessToken || {};
- if (token.userId) {
+ if (token.userId != null) {
 this.addPrincipal(Principal.USER, token.userId);
 }
- if (token.appId) {
+ if (token.appId != null) {
 this.addPrincipal(Principal.APPLICATION, token.appId);
 }
 this.remotingContext = context.remotingContext;
@@ -193,7 +192,7 @@ AccessContext.prototype.getAppId = function() {
 * @returns {boolean}
 */
 AccessContext.prototype.isAuthenticated = function() {
- return !!(this.getUserId() || this.getAppId());
+ return this.getUserId() != null || this.getAppId() != null;
 };
 /**
diff --git a/test/role.test.js b/test/role.test.js
index 37ef664b..4415984d 100644
--- a/test/role.test.js
+++ b/test/role.test.js
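Review bot: A `principalId` of `0` still cannot reach the new `!= null` check in the first hunk, because the unchanged line above it, `var principalId = context.principalId || undefined;`, already turns `0` into `undefined`. For the zero-id case to work on this path the assignment has to stop using `||`, for example `var principalId = context.principalId != null ? context.principalId : undefined;`. The `token.userId` and `token.appId` checks are not affected, since those properties are read from `token` directly. The constructor body starts and ends outside this hunk.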
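Review bot: `isAuthenticated()` in the second hunk now accepts every non-null id, so a value such as an empty string returned by `getUserId()` or `getAppId()` counts as authenticated, where the old truthiness test rejected it along with `0`. The same widening applies to the `token.userId != null` and `token.appId != null` checks in the first hunk, which would register such a value as a principal. Whether a token can carry an empty id depends on code outside this diff, but this result appears to feed the `Role.AUTHENTICATED` resolution asserted in the test, so a narrower predicate is the safer choice. A shared helper such as `function isValidId(id) { return id != null && id !== ''; }` could be used in all four places.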
@@ -364,6 +364,55 @@ describe('role model', function() {
 });
 });
+ it('should be properly authenticated with 0 userId', function(done) {
+ var userData = {name: 'Raymond', email: 'x@y.com', password: 'foobar', id: 0};
+ User.create(userData, function(err, user) {
+ if (err) return done(err);
+ Role.create({name: 'userRole'}, function(err, role) {
+ if (err) return done(err);
+ role.principals.create({principalType: RoleMapping.USER, principalId: user.id},
+ function(err, p) {
+ if (err) return done(err);
+ async.series([
+ function(next) {
+ Role.isInRole(
+ 'userRole',
+ {principalType: RoleMapping.USER, principalId: user.id},
+ function(err, inRole) {
+ if (err) return next(err);
+ assert(!!inRole);
+ next();
+ });
+ },
+ function(next) {
+ Role.isInRole(
+ 'userRole',
+ {principalType: RoleMapping.APP, principalId: user.id},
+ function(err, inRole) {
+ if (err) return next(err);
+ assert(!inRole);
+ next();
+ });
+ },
+ function(next) {
+ Role.getRoles(
+ {principalType: RoleMapping.USER, principalId: user.id},
+ function(err, roles) {
+ if (err) return next(err);
+ expect(roles).to.eql([
+ Role.AUTHENTICATED,
+ Role.EVERYONE,
+ role.id,
+ ]);
+ next();
+ });
+ },
+ ], done);
+ });
+ });
+ });
+ });
+
 // this test should be split to address one resolver at a time
 it('supports built-in role resolvers', function(done) {
 Role.registerResolver('returnPromise', function(role, context) {
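Review bot: Nothing in this test confirms that the created user really has id `0`; if the datasource assigns its own id and ignores `id: 0`, every assertion can still pass without touching the zero case. Adding `expect(user.id).to.equal(0);` right after the `if (err) return done(err);` in the `User.create` callback would pin that. The test also reaches `AccessContext` only through `principalId`, so the `token.userId` and `token.appId` branches and `isAuthenticated()` changed in `lib/access-context.js` are not exercised with `0` here. The enclosing `describe('role model', ...)` block starts and ends outside the hunk.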