diff --git a/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor b/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor
index b9b8818b..bbe36e27 100644
--- a/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor
+++ b/EnvelopeGenerator.ReceiverUI/Pages/EnvelopeSenderPage.razor
@@ -322,6 +322,13 @@
 
     protected override async Task OnInitializedAsync()
     {
+        var hasAccess = await AuthService.CheckSenderAsync();
+        if (!hasAccess)
+        {
+            Navigation.NavigateTo($"/sender/login");
+            return;
+        }
+
         await LoadEnvelopesAsync();
     }
 
diff --git a/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs b/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs
index 4fa759ee..9bff4bd1 100644
--- a/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs
+++ b/EnvelopeGenerator.ReceiverUI/Services/AuthService.cs
@@ -58,6 +58,16 @@ public class AuthService(HttpClient http, IOptions<ApiOptions> apiOptions)
         return response.IsSuccessStatusCode;
     }
 
+    /// <summary>
+    /// Checks whether the current user holds a valid receiver token for the given envelope key.
+    /// Calls GET /api/auth/check/envelope/{envelopeKey}.
+    /// </summary>
+    public async Task<bool> CheckSenderAsync(CancellationToken cancel = default)
+    {
+        var response = await http.GetAsync($"{_api.BaseUrl}/api/auth/check", cancel);
+        return response.StatusCode == HttpStatusCode.OK;
+    }
+
     /// <summary>
     /// Authenticates a sender user with username and password.
     /// Calls POST /api/auth?cookie=true with JSON body.