diff --git a/Controllers/LoginController.cs b/Controllers/LoginController.cs
new file mode 100644
index 0000000..f855125
--- /dev/null
+++ b/Controllers/LoginController.cs
@@ -0,0 +1,54 @@
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Mvc;
+using System.ComponentModel.DataAnnotations;
+using System.Security.Claims;
+
+namespace BinaryDad.Notes.Controllers
+{
+    public class LoginController : Controller
+    {
+        [Route("login")]
+        public IActionResult Login()
+        {
+            return View();
+        }
+
+        [ActionName(nameof(Login))]
+        [Route("login")]
+        [HttpPost]
+        public async Task<IActionResult> LoginPost([Required] string passPhrase, string returnUrl)
+        {
+            if (ModelState.IsValid)
+            {
+                var appPassPhrase = Environment.GetEnvironmentVariable("APP_PASS_PHRASE");
+
+                if (passPhrase == appPassPhrase)
+                {
+                    var claims = new List<Claim>
+                    {
+                        new Claim(ClaimTypes.GivenName, "Ryan")
+                    };
+
+                    var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+
+                    await HttpContext.SignInAsync(new ClaimsPrincipal(claimsIdentity));
+
+                    return Redirect(returnUrl);
+                }
+
+                ModelState.AddModelError("", "Invalid login");
+            }
+
+            return View();
+        }
+
+        [Route("logout")]
+        public async Task<IActionResult> Logout()
+        {
+            await HttpContext.SignOutAsync();
+
+            return Redirect("/");
+        }
+    }
+}
diff --git a/Controllers/HomeController.cs b/Controllers/NoteController.cs
similarity index 69%
rename from Controllers/HomeController.cs
rename to Controllers/NoteController.cs
index c280efe..8f0c6a2 100644
--- a/Controllers/HomeController.cs
+++ b/Controllers/NoteController.cs
@@ -1,13 +1,15 @@
 using BinaryDad.Notes.Services;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace BinaryDad.Notes.Controllers;
 
-public class HomeController : Controller
+[Authorize]
+public class NoteController : Controller
 {
     private readonly INoteService noteService;
 
-    public HomeController(INoteService noteService)
+    public NoteController(INoteService noteService)
     {
         this.noteService = noteService;
     }
diff --git a/Program.cs b/Program.cs
index 141e79e..c361739 100644
--- a/Program.cs
+++ b/Program.cs
@@ -1,5 +1,6 @@
 using BinaryDad.Notes;
 using BinaryDad.Notes.Services;
+using Microsoft.AspNetCore.Authentication.Cookies;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -8,6 +9,16 @@ builder.Services.AddControllersWithViews();
 builder.Services.AddSignalR();
 builder.Services.AddSingleton<INoteService, FileNoteService>();
 
+builder.Services.AddSession(options =>
+{
+    options.IdleTimeout = TimeSpan.FromMinutes(30);
+});
+
+builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(o =>
+{
+    o.LoginPath = "/login";
+});
+
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -19,12 +30,12 @@ if (!app.Environment.IsDevelopment())
 app.UseStaticFiles();
 
 app.UseRouting();
-
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllerRoute(
     name: "default",
-    pattern: "{controller=Home}/{action=Index}/{id?}");
+    pattern: "{controller=Note}/{action=Index}/{id?}");
 
 app.MapHub<NoteHub>("/noteHub");
 
diff --git a/Properties/launchSettings.json b/Properties/launchSettings.json
index 67f6526..b9b9056 100644
--- a/Properties/launchSettings.json
+++ b/Properties/launchSettings.json
@@ -4,7 +4,8 @@
       "commandName": "Project",
       "launchBrowser": true,
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "APP_PASS_PHRASE": "123456"
       },
       "dotnetRunMessages": true,
       "applicationUrl": "http://localhost:5015"
diff --git a/Views/Login/Login.cshtml b/Views/Login/Login.cshtml
new file mode 100644
index 0000000..27e3027
--- /dev/null
+++ b/Views/Login/Login.cshtml
@@ -0,0 +1,9 @@
+@{
+    ViewBag.Title = "Login";
+}
+
+@Html.ValidationSummary()
+
+<form method="post">
+    <input type="password" name="passPhrase" placeholder="Pass Phrase" />
+</form>
\ No newline at end of file
diff --git a/Views/Home/Index.cshtml b/Views/Note/Index.cshtml
similarity index 100%
rename from Views/Home/Index.cshtml
rename to Views/Note/Index.cshtml
diff --git a/wwwroot/css/site.css b/wwwroot/css/site.css
index ce64259..e4db9cd 100644
--- a/wwwroot/css/site.css
+++ b/wwwroot/css/site.css
@@ -63,3 +63,13 @@ textarea {
     .toast#update-indicator {
         background-color: orangered;
     }
+
+form input[type=password] {
+    display: block;
+    margin: 20px auto;
+    font-size: 20px;
+    padding: 8px;
+    border: 1px solid #999;
+    border-radius: 4px;
+    color: #999;
+}