diff --git a/bower.json b/bower.json
index 0bc6697..24436bd 100644
--- a/bower.json
+++ b/bower.json
@@ -17,7 +17,8 @@
     "moment": "~2.10.6",
     "animate.css": "~3.4.0",
     "angular": "~1.4.2",
-    "font-awesome": "fontawesome#~4.5.0"
+    "font-awesome": "fontawesome#~4.5.0",
+    "ngstorage": "~0.3.10"
   },
   "devDependencies": {
     "angular-mocks": "~1.4.2"
diff --git a/src/app/components/auth/auth.service.js b/src/app/components/auth/auth.service.js
new file mode 100644
index 0000000..dbd4e80
--- /dev/null
+++ b/src/app/components/auth/auth.service.js
@@ -0,0 +1,86 @@
+(function() {
+  'use strict';
+
+  angular
+    .module('angular')
+    .factory('Session', Session)
+    .factory('AuthService', AuthService);
+
+  /** @ngInject */
+  function AuthService($q, $http, $rootScope, Session, $log) {
+
+    function login (credentials) {
+      var url = '/api/v1/login';
+      var encodedData = 'login=' + credentials.username + '&password=' + credentials.password;
+      return $http.post(url, encodedData).then(loginSuccessCallback, loginFailedCallback);
+    }
+
+    function loginFromCookie() {
+      var url = '/api/v1/login_from_cookie';
+      return $http.post(url).then(loginSuccessCallback, loginFailedCallback);
+    }
+    
+    function loginSuccessCallback(response) {
+      $log.debug('AuthService.login [SUCCESS] response', response);
+      var currentUser = Session.create(response.data);
+      $rootScope.currentUser = currentUser;
+      $rootScope.$broadcast('login-success', currentUser);
+      return currentUser;
+    }
+    
+    function loginFailedCallback(response) {
+      $log.debug('AuthService.login [FAIL] response', response);
+      $rootScope.$broadcast('login-failed');
+      return $q.reject(response);
+    }
+
+    function logout () {
+      Session.destroy();
+      $rootScope.currentUser = undefined;
+      $rootScope.$broadcast('logout-success');
+    }
+
+    function isAuthenticated () {
+      return !!Session.userId;
+    }
+
+    function isAuthorized (authorizedRoles) {
+      if (!angular.isArray(authorizedRoles)) {
+        authorizedRoles = [authorizedRoles];
+      }
+      return (service.isAuthenticated() && authorizedRoles.indexOf(Session.userRole) !== -1);
+    }
+
+    var service = {
+      login: login,
+      loginFromCookie: loginFromCookie,
+      logout: logout,
+      isAuthenticated: isAuthenticated,
+      isAuthorized: isAuthorized
+    };
+    return service;
+  }
+
+  /** @ngInject */
+  function Session($localStorage, $log) {
+    var service = {};
+
+    service.create = function(data) {
+      $localStorage.currentUser = data.user;
+      $log.debug('User session created.', $localStorage.currentUser);
+      return $localStorage.currentUser;
+    };
+
+    service.destroy = function() {
+      delete $localStorage.currentUser;
+      $log.debug('User session destroyed.');
+    };
+
+    service.getCurrentUser = function () {
+      return $localStorage.currentUser;
+    };
+
+    return service;
+  }
+
+})();
diff --git a/src/app/index.module.js b/src/app/index.module.js
index 5a13e79..013bc85 100644
--- a/src/app/index.module.js
+++ b/src/app/index.module.js
@@ -2,6 +2,6 @@
   'use strict';
 
   angular
-    .module('angular', ['ngAnimate', 'ngCookies', 'ngTouch', 'ngSanitize', 'ngMessages', 'ngAria', 'restangular', 'ui.router', 'ui.bootstrap', 'toastr']);
+    .module('angular', ['ngAnimate', 'ngCookies', 'ngStorage', 'ngTouch', 'ngSanitize', 'ngMessages', 'ngAria', 'restangular', 'ui.router', 'ui.bootstrap', 'toastr']);
 
 })();
diff --git a/src/app/index.route.js b/src/app/index.route.js
index dcbe692..05dbc9c 100644
--- a/src/app/index.route.js
+++ b/src/app/index.route.js
@@ -13,7 +13,12 @@
         url: '/:profile',
         templateUrl: 'app/profile/profile.html',
         controller: 'ProfileController',
-        controllerAs: 'vm'
+        controllerAs: 'vm',
+        resolve: {
+          currentUser: function(AuthService) {
+            return AuthService.loginFromCookie();
+          }
+        }
       })
       .state('profile.page', {
         url: '/{page:.*}',
diff --git a/src/app/index.run.js b/src/app/index.run.js
index 69bfc48..2aa7127 100644
--- a/src/app/index.run.js
+++ b/src/app/index.run.js
@@ -6,9 +6,13 @@
     .run(runBlock);
 
   /** @ngInject */
-  function runBlock($log) {
-
-    $log.debug('runBlock end');
+  function runBlock($log, Restangular, Session, AuthService) {
+    Restangular.addFullRequestInterceptor(function(element, operation, route, url, headers, params, httpConfig) {
+      if(Session.getCurrentUser()) {
+        headers['Private-Token'] = Session.getCurrentUser().private_token;
+      }
+      return { headers: headers };
+    });
   }
 
 })();
diff --git a/src/app/profile/profile.controller.js b/src/app/profile/profile.controller.js
index b0424f7..d86830d 100644
--- a/src/app/profile/profile.controller.js
+++ b/src/app/profile/profile.controller.js
@@ -7,13 +7,13 @@
 
 
   /** @ngInject */
-  function ProfileController(noosfero, $log, $stateParams) {
+  function ProfileController(noosfero, $log, $stateParams, $http) {
     var vm = this;
     vm.boxes = [];
     activate();
 
     function activate() {
-      noosfero.communities.one().get({private_token: '1b00325e5f769a0c38550bd35b3f1d64', identifier: $stateParams.profile}).then(function(communities) {
+      noosfero.communities.one().get({identifier: $stateParams.profile}).then(function(communities) {
         vm.owner = communities.communities[0];
       });
     }
--
libgit2 0.21.2