diff --git a/Controllers/AuthController.cs b/Controllers/AuthController.cs
new file mode 100644
index 0000000..b02a554
--- /dev/null
+++ b/Controllers/AuthController.cs
@@ -0,0 +1,41 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Identity.Data;
+using Microsoft.AspNetCore.Mvc;
+using Trazo.Model;
+
+namespace Trazo.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+public class AuthController(
+    SignInManager<User> _signInManager,
+    UserManager<User> _userManager,
+    IConfiguration _configuration
+    ) : ControllerBase
+{
+
+    [HttpPost("login")]
+    public async Task<IActionResult> Login([FromBody] LoginRequest request)
+    {
+        var result = await _signInManager.PasswordSignInAsync(
+            request.Email,
+            request.Password,
+            false,
+            false);
+
+        if (!result.Succeeded)
+            return Unauthorized();
+
+        // Generate your JWT here
+        return Ok(new { token = "your-jwt-token" });
+    }
+
+    [Authorize]
+    [HttpPost("logout")]
+    public async Task<IActionResult> Logout()
+    {
+        await _signInManager.SignOutAsync();
+        return Ok();
+    }
+}
diff --git a/Program.cs b/Program.cs
index e396daa..ee1c56c 100644
--- a/Program.cs
+++ b/Program.cs
@@ -9,16 +9,29 @@ builder.Services.AddControllers();
 
 // Add services to the container.
 builder.Services.AddAuthorization();
-builder.Services.AddAuthentication().AddCookie(IdentityConstants.ApplicationScheme);
 
-builder.Services.AddIdentityCore<User>()
-    .AddRoles<IdentityRole<Guid>>()
+builder.Services.AddIdentity<User, IdentityRole<Guid>>(options =>
+        {
+            options.SignIn.RequireConfirmedAccount = true;
+            options.Password.RequiredLength = 8;
+        })
     .AddEntityFrameworkStores<ApplicationDbContext>()
-    .AddApiEndpoints();
+    .AddSignInManager();
 
 builder.Services.AddDbContext<ApplicationDbContext>(options =>
         options.UseNpgsql(builder.Configuration.GetConnectionString("Database")));
 
+// CORS
+builder.Services.AddCors(options =>
+{
+    options.AddPolicy("ApiPolicy", builder =>
+    {
+        builder.WithOrigins("http://localhost")
+               .AllowAnyMethod()
+               .AllowAnyHeader();
+    });
+});
+
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen(options =>
@@ -39,11 +52,11 @@ if (app.Environment.IsDevelopment())
     app.MapScalarApiReference();
 }
 
-
-app.MapIdentityApi<User>();
-
+app.UseCors("ApiPolicy");
+app.UseAuthentication();
 app.UseAuthorization();
 
+/*app.MapIdentityApi<User>();*/
 app.MapControllers();
 
 app.Run();