Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 52340)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -38,7 +38,7 @@
 
 $core_actions_get = array(
 	'fetch-list', 'ajax-tag-search', 'wp-compression-test', 'imgedit-preview', 'oembed-cache',
-	'autocomplete-user', 'dashboard-widgets',
+	'autocomplete-user', 'dashboard-widgets', 'logged-in',
 );
 
 $core_actions_post = array(
Index: wp-admin/includes/ajax-actions.php
===================================================================
--- wp-admin/includes/ajax-actions.php	(revision 52340)
+++ wp-admin/includes/ajax-actions.php	(working copy)
@@ -212,6 +212,10 @@
 	wp_die();
 }
 
+function wp_ajax_logged_in() {
+	wp_die( 1 );
+}
+
 /*
  * Ajax helper.
  */
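Review bot: `wp_ajax_logged_in()` is added without a docblock, and `wp_die( 1 )` alone does not tell a reader what the `1` means to the caller. A short docblock above the function would cover it, e.g. `/** Ajax handler that confirms the request carries a logged-in session; outputs 1 and has no side effects. */`. Because the action is registered in the GET list and checks no nonce, the comment should also say the handler must stay read-only. Presumably a logged-out request never reaches this function and gets admin-ajax's default response instead; that is decided outside this diff and is worth confirming against the dispatcher.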
Index: wp-admin/js/customize-controls.dev.js
===================================================================
--- wp-admin/js/customize-controls.dev.js	(revision 52340)
+++ wp-admin/js/customize-controls.dev.js	(working copy)
@@ -288,9 +288,7 @@
 		sensitivity: 2000,
 
 		initialize: function( params, options ) {
-			var loaded   = false,
-				ready    = false,
-				deferred = $.Deferred(),
+			var deferred = $.Deferred(),
 				self     = this;
 
 			// This is the promise object.
@@ -304,18 +302,31 @@
 
 			this.add( 'previewUrl', params.previewUrl );
 
-			this.bind( 'ready', function() {
+			this.query = $.extend( params.query || {}, { customize_messenger_channel: this.channel() });
+
+			this.run( deferred );
+		},
+
+		run: function( deferred ) {
+			var self   = this,
+				loaded = false,
+				ready  = false;
+
+			if ( this._ready )
+				this.unbind( 'ready', this._ready );
+
+			this._ready = function() {
 				ready = true;
 
 				if ( loaded )
 					deferred.resolveWith( self );
-			});
+			};
 
-			params.query = $.extend( params.query || {}, { customize_messenger_channel: this.channel() });
+			this.bind( 'ready', this._ready );
 
 			this.request = $.ajax( this.previewUrl(), {
 				type: 'POST',
-				data: params.query,
+				data: this.query,
 				xhrFields: {
 					withCredentials: true
 				}
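Review bot: The new `run` method has no comment saying it is meant to be called more than once, which is the only reason for the `_ready` unbind/rebind at its top. A line such as `// (Re)issue the preview request; login() calls this again after refreshing the session, so drop any 'ready' handler left by the previous attempt.` would make that clear. Separately, `this.query = $.extend( params.query || {}, ... )` in `initialize` still writes the channel into the caller's `params.query` object; `$.extend( {}, params.query, { customize_messenger_channel: this.channel() } )` would avoid mutating it. The `$.ajax` call in `run` continues past the end of this hunk.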
@@ -339,7 +350,7 @@
 
 				// Check if the user is not logged in.
 				if ( '0' === response ) {
-					deferred.rejectWith( self, [ 'logged out' ] );
+					self.login( deferred );
 					return;
 				}
 
@@ -360,10 +371,6 @@
 				response = response.slice( 0, index ) + response.slice( index + signature.length );
 
 				// Create the iframe and inject the html content.
-				// Strip the signature from the request.
-				response = response.slice( 0, index ) + response.slice( index + signature.length );
-
-				// Create the iframe and inject the html content.
 				self.iframe = $('<iframe />').appendTo( self.previewer.container );
 
 				// Bind load event after the iframe has been added to the page;
@@ -388,6 +395,37 @@
 			});
 		},
 
+		login: function( deferred ) {
+			var self = this,
+				reject;
+
+			reject = function() {
+				deferred.rejectWith( self, [ 'logged out' ] );
+			};
+
+			if ( this.triedLogin )
+				return reject();
+
+			// Check if we have an admin cookie.
+			$.get( api.settings.url.ajax, {
+				action: 'logged-in'
+			}).fail( reject ).done( function( response ) {
+				var iframe;
+
+				if ( '1' !== response )
+					reject();
+
+				iframe = $('<iframe src="' + self.previewUrl() + '" />').hide();
+				iframe.appendTo( self.previewer.container );
+				iframe.load( function() {
+					self.triedLogin = true;
+
+					iframe.remove();
+					self.run( deferred );
+				});
+			});
+		},
+
 		destroy: function() {
 			api.Messenger.prototype.destroy.call( this );
 			this.request.abort();
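Review bot: In `login`, the `'1' !== response` branch calls `reject()` without returning, so a response that does not confirm an admin session still falls through to creating the hidden iframe and calling `self.run( deferred )` on an already-rejected deferred; it should read `return reject();`. The iframe is also built by concatenating `self.previewUrl()` into markup, so a URL containing a double quote would break out of the `src` attribute. `iframe = $( '<iframe />', { src: self.previewUrl() } ).hide();` sets it as an attribute value instead. `triedLogin` is set only inside the load handler, so if the iframe never fires `load` the deferred is neither resolved nor rejected; set the flag before appending the iframe, or note the limitation in a comment. `destroy` continues past the end of the hunk.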
