diff --git a/internal/server/api.go b/internal/server/api.go
index 14da64e..a41ac5c 100644
--- a/internal/server/api.go
+++ b/internal/server/api.go
@@ -12,7 +12,6 @@ import (
 )
 
 func HandleAPI(w http.ResponseWriter, r *http.Request) {
-	slog.Info("Api Handler hit")
 	_, s := session.GetSession(r)
 	if s == nil {
 		// Fallthrough after so that jsonrpc can still deliver a valid jsonrpc error
diff --git a/internal/server/server.go b/internal/server/server.go
index cfa0fe7..19f7d39 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -17,11 +17,13 @@ var server http.Server
 var mux = http.NewServeMux()
 var apiHandler *jsonrpc.Handler
 var stopCleanup chan struct{}
+var configManager *config.ConfigManager
 
-func StartWebserver(configManager *config.ConfigManager, _apiHandler *jsonrpc.Handler) {
+func StartWebserver(_configManager *config.ConfigManager, _apiHandler *jsonrpc.Handler) {
 	server.Addr = ":8080"
 	server.Handler = mux
 	apiHandler = _apiHandler
+	configManager = _configManager
 
 	// Routing
 	mux.HandleFunc("/login", HandleLogin)
diff --git a/internal/server/session.go b/internal/server/session.go
index 1896f29..4cc4bf7 100644
--- a/internal/server/session.go
+++ b/internal/server/session.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"golang.org/x/exp/slog"
+	"nfsense.net/nfsense/internal/auth"
 	"nfsense.net/nfsense/internal/session"
 )
 
@@ -27,13 +28,16 @@ func HandleLogin(w http.ResponseWriter, r *http.Request) {
 		slog.Error("Unmarshal", err)
 		return
 	}
-	if req.Username == "admin" && req.Password == "12345" {
-		slog.Info("User Login Successfull")
-		session.GenerateSession(w, req.Username)
-		w.WriteHeader(http.StatusOK)
+	err = auth.AuthenticateUser(configManager.GetCurrentConfig(), req.Username, req.Password)
+	if err != nil {
+		slog.Error("User Login failed", "err", err, "username", req.Username)
+		w.WriteHeader(http.StatusUnauthorized)
 		return
 	}
-	w.WriteHeader(http.StatusUnauthorized)
+
+	slog.Info("User Login Successful", "username", req.Username)
+	session.GenerateSession(w, req.Username)
+	w.WriteHeader(http.StatusOK)
 }
 
 func HandleLogout(w http.ResponseWriter, r *http.Request) {
diff --git a/internal/session/session.go b/internal/session/session.go
index 6d7ccbf..3378d2a 100644
--- a/internal/session/session.go
+++ b/internal/session/session.go
@@ -18,7 +18,7 @@ const SessionLifeTime = time.Minute * 15
 type Session struct {
 	Username string
 	Expires  time.Time
-	// TODO Add []websocket.Conn pointer to close all active websockets, alternativly do this via context cancelation
+	// TODO Add []websocket.Conn pointer to close all active websockets, alternatively do this via context cancelation
 }
 
 type SessionResponse struct {