diff --git a/Data/Server/WebUI/src/Login.jsx b/Data/Server/WebUI/src/Login.jsx
index 4c25286..3be8ab3 100644
--- a/Data/Server/WebUI/src/Login.jsx
+++ b/Data/Server/WebUI/src/Login.jsx
@@ -8,7 +8,7 @@ export default function Login({ onLogin }) {
   const [error, setError] = useState("");
 
   useEffect(() => {
-    fetch("/users.json")
+    fetch("/api/users")
       .then((res) => res.json())
       .then((data) => setUsers(data.users || []))
       .catch(() => setUsers([]));
@@ -30,7 +30,7 @@ export default function Login({ onLogin }) {
       return;
     }
     const hash = await sha512(password);
-    if (hash === user.password) {
+    if (hash.toLowerCase() === (user.password || "").toLowerCase()) {
       setError("");
       onLogin(username);
     } else {
diff --git a/Data/Server/server.py b/Data/Server/server.py
index 56ec5da..b953f95 100644
--- a/Data/Server/server.py
+++ b/Data/Server/server.py
@@ -61,6 +61,20 @@ def serve_dist(path):
 def health():
     return jsonify({"status": "ok"})
 
+# ---------------------------------------------
+# User Authentication Endpoint
+# ---------------------------------------------
+@app.route("/api/users", methods=["GET"])
+def get_users():
+    users_path = os.path.abspath(
+        os.path.join(os.path.dirname(__file__), "..", "..", "users.json")
+    )
+    try:
+        with open(users_path, "r", encoding="utf-8") as fh:
+            return jsonify(json.load(fh))
+    except Exception:
+        return jsonify({"users": []})
+
 # ---------------------------------------------
 # Borealis Python API Endpoints
 # ---------------------------------------------