diff --git a/db/index.js b/db/index.js
new file mode 100644
index 0000000..498a88c
--- /dev/null
+++ b/db/index.js
@@ -0,0 +1 @@
+exports.users = require('./users');
diff --git a/db/users.js b/db/users.js
new file mode 100644
index 0000000..c842660
--- /dev/null
+++ b/db/users.js
@@ -0,0 +1,27 @@
+var records = [
+    { id: 1, username: 'jack', password: 'secret', displayName: 'Jack', emails: [ { value: 'jack@example.com' } ] }
+  , { id: 2, username: 'jill', password: 'birthday', displayName: 'Jill', emails: [ { value: 'jill@example.com' } ] }
+];
+
+exports.findById = function(id, cb) {
+  process.nextTick(function() {
+    var idx = id - 1;
+    if (records[idx]) {
+      cb(null, records[idx]);
+    } else {
+      cb(new Error('User ' + id + ' does not exist'));
+    }
+  });
+}
+
+exports.findByUsername = function(username, cb) {
+  process.nextTick(function() {
+    for (var i = 0, len = records.length; i < len; i++) {
+      var record = records[i];
+      if (record.username === username) {
+        return cb(null, record);
+      }
+    }
+    return cb(null, null);
+  });
+}
diff --git a/package.json b/package.json
index 67c017b..738bc83 100644
--- a/package.json
+++ b/package.json
@@ -3,11 +3,16 @@
   "version": "0.0.1",
   "dependencies": {
     "body-parser": "^1.12.4",
+    "connect-ensure-login": "^0.1.1",
+    "cookie-parser": "^1.4.3",
     "express": "^4.12.4",
     "express-hbs": "^0.8.4",
+    "express-session": "^1.13.0",
     "handlebars-form-helpers": "^0.1.3",
     "moment-timezone": "^0.4.0",
     "nodemailer": "^1.3.4",
+    "passport": "^0.3.2",
+    "passport-local": "^1.0.0",
     "pg": "^4.4.3",
     "sqlite3": "^3.0.8",
     "winston": "^2.1.1"
diff --git a/server.js b/server.js
index 7e073d0..45f1bef 100644
--- a/server.js
+++ b/server.js
@@ -6,8 +6,42 @@ var app = express();
 var winston = require('winston');
 winston.add(winston.transports.File, { filename: './logs/notes.kaplon.us.log', maxsize: 5000000 });  // 5MB
 var fileSystem = require('fs');
+var passport = require('passport');
+var Strategy = require('passport-local').Strategy;
+var db = require('./db');
+
+// Configure the local strategy for use by Passport.
+// The local strategy require a `verify` function which receives the credentials
+// (`username` and `password`) submitted by the user.  The function must verify
+// that the password is correct and then invoke `cb` with a user object, which
+// will be set at `req.user` in route handlers after authentication.
+passport.use(new Strategy(
+  function(username, password, cb) {
+    db.users.findByUsername(username, function(err, user) {
+      winston.info('trying to lookup user.');
+      if (err) { winston.info('db.users.findByUsername error.'); return cb(err); }
+      if (!user) { winston.info('bad user'); return cb(null, false); }
+      if (user.password != password) { winston.info('bad pw'); return cb(null, false); }
+      return cb(null, user);
+    });
+  }));
+// Configure Passport authenticated session persistence.
+//
+// In order to restore authentication state across HTTP requests, Passport needs
+// to serialize users into and deserialize users out of the session.  The
+// typical implementation of this is as simple as supplying the user ID when
+// serializing, and querying the user record by ID from the database when
+// deserializing.
+passport.serializeUser(function(user, cb) {
+  cb(null, user.id);
+});
+passport.deserializeUser(function(id, cb) {
+  db.users.findById(id, function (err, user) {
+    if (err) { return cb(err); }
+    cb(null, user);
+  });
+});
 
-app.use(bodyParser.text());   // Use defaults for now, size limit is 100kb.
 
 // Use `.hbs` for extensions and find partials in `views/partials`.
 app.engine('hbs', hbs.express4({
@@ -16,15 +50,24 @@ app.engine('hbs', hbs.express4({
 app.set('view engine', 'hbs');
 app.set('views', __dirname + '/views');
 app.use(express.static('assets'));
-
+app.use(require('cookie-parser')());
+app.use(bodyParser.text());   // Use defaults for now, size limit is 100kb.
+app.use(bodyParser.urlencoded({ extended: true }));   // Also need url encoding to handle login form.
+app.use(require('express-session')({ secret: 'keyboard cat', resave: false, saveUninitialized: false }));
 var notePath = __dirname + '/note-data/allNotes.txt';
 
+// Initialize Passport and restore authentication state, if any, from the session.
+app.use(passport.initialize());
+app.use(passport.session());
+
+//app.get('/', require('connect-ensure-login').ensureLoggedIn(), function(req, res){
 app.get('/', function(req, res){
     winston.info("GET /");
     // Get curent text from allNotes.txt and pass that data to handlebars template.
     fileSystem.readFile(notePath, {encoding: 'utf-8'}, function(err,data){
         if (!err){
             winston.info('successful file read');
+            //res.render('index', {notetxt: data}, {user: req.user}, function(err, html) {
             res.render('index', {notetxt: data}, function(err, html) {
                 if(err !== null) {
                     winston.error(err);
@@ -68,6 +111,23 @@ app.post('/', function(req, res){
     res.status(204).send('POST received');
 });
 
+app.get('/login', function(req, res){
+    winston.info('GET /login');
+    res.render('login');
+});
+  
+app.post('/login', 
+  passport.authenticate('local', { failureRedirect: '/login' }),
+  function(req, res) {
+    winston.info('sucessful login');
+    res.redirect('/');
+});
+  
+app.get('/logout', function(req, res){
+    req.logout();
+    res.redirect('/');
+});
+
 // This is broken due to permission error from bitbucket.
 // Not sure how to auth container git user to bitbucket...comment it all out for now.
 //setInterval(function() {
diff --git a/views/login.hbs b/views/login.hbs
new file mode 100644
index 0000000..f82412f
--- /dev/null
+++ b/views/login.hbs
@@ -0,0 +1,13 @@
+<form action="/login" method="post">
+    <div>
+    <label>Username:</label>
+    <input type="text" name="username"/><br/>
+    </div>
+    <div>
+    <label>Password:</label>
+    <input type="password" name="password"/>
+    </div>
+    <div>
+    <input type="submit" value="Submit"/>
+    </div>
+</form>