diff --git a/Program.cs b/Program.cs
index 92d7475..374c03c 100644
--- a/Program.cs
+++ b/Program.cs
@@ -1,4 +1,5 @@
 using Microsoft.EntityFrameworkCore;
+using Microsoft.AspNetCore.Authentication.Cookies;
 using NoticeBoard.Data;
 
 var builder = WebApplication.CreateBuilder(args);
@@ -11,9 +12,19 @@ builder.Services.AddDbContext<AppDbContext>(options =>
 builder.Services.AddControllersWithViews();
 builder.Services.AddHttpClient();
 
+// Cookie authentication for admin panel
+builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
+    .AddCookie(options =>
+    {
+        options.LoginPath = "/account/login";
+        options.LogoutPath = "/account/logout";
+        options.ExpireTimeSpan = TimeSpan.FromHours(12);
+        options.SlidingExpiration = true;
+    });
+
 var app = builder.Build();
 
-// Auto-create database on startup (use Migrate() if using EF migrations)
+// Auto-create database on startup
 using (var scope = app.Services.CreateScope())
 {
     var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
@@ -28,12 +39,19 @@ if (!app.Environment.IsDevelopment())
 
 app.UseStaticFiles();
 app.UseRouting();
+app.UseAuthentication();
+app.UseAuthorization();
 
 // Ensure uploads directory exists
 var uploadsPath = Path.Combine(app.Environment.WebRootPath, "uploads");
 if (!Directory.Exists(uploadsPath))
     Directory.CreateDirectory(uploadsPath);
 
+app.MapControllerRoute(
+    name: "account",
+    pattern: "account/{action=Login}",
+    defaults: new { controller = "Account" });
+
 app.MapControllerRoute(
     name: "admin",
     pattern: "admin/{action=Index}/{id?}",
@@ -54,20 +72,17 @@ app.MapControllerRoute(
     pattern: "api/{action}/{id?}",
     defaults: new { controller = "Api" });
 
-// Display route: /{slug} — must be last to act as catch-all
 app.MapControllerRoute(
     name: "display",
     pattern: "d/{slug}",
     defaults: new { controller = "Display", action = "Show" });
 
-// Also support root-level slugs
 app.MapControllerRoute(
     name: "display-root",
     pattern: "{slug}",
     defaults: new { controller = "Display", action = "Show" },
     constraints: new { slug = new NoticeBoard.Routing.DeviceSlugConstraint() });
 
-// Default route goes to admin
 app.MapControllerRoute(
     name: "default",
     pattern: "",