- There should be at least two roles in the system (e.g. Administrator, User). Each role should have some differences in user interface or in capabilities.
- There should be a login form (not HTTP Basic)
- Registration is NOT required. You can prefill the users and their passwords in the database.
- Password should not be saved in the database in open form.