I actually encountered the same challenge today and solved it by making a generic authenticate function. Hope it helps somebody with the same challenge in the future. The function:

1. Checks whether the user exists (a system context is needed for this function call)
2. If the user exists, add the user to a hashmap (because I later on want to use it as an inputparameter of a microflow)
3. Authenticate the user with the core authenticate function
4. If authenticated give back the system context, in all other cases throw a proper exception

private IContext authenticate(String username, String password, HashMap<String, Object> paramsRequest) throws WebserviceException, CoreException 
		{

			IContext context = null;
			
			if(username != null && password != null)
			{	
				// a system context is needed to get a user
				context = Core.createSystemContext();
				// get the user
				IUser user = Core.getUser(context, username);
				if (user != null){
					
					paramsRequest.put("User", user.getMendixObject());
					boolean authenticated = Core.authenticate(context, user, password);
					
					logNode.log(mxLogLevel, "User with username " + username + " authenticated: " + authenticated);
					
					if (!authenticated){
						throw new WebserviceException(WebserviceException.clientFaultCode,"Failed to authenticate user with username " + username);
					}
				} else {
					throw new WebserviceException(WebserviceException.clientFaultCode,"User with username " + username + " does not exist!");
				}
				
			}
			else if(username == null && password == null)
				throw new WebserviceException(WebserviceException.clientFaultCode,"No username nor password supplied");
			else if(username == null)
				throw new WebserviceException(WebserviceException.clientFaultCode,"No username supplied");
			else
				throw new WebserviceException(WebserviceException.clientFaultCode,"No password supplied");	
			
			return context;

		}