A distributed client/server system comprises a network of servers and clients, such as the Internet, in which user access to certain restricted resources is controlled by a logon procedure that identifies an authorized user to the respective administering server. The disclosed system and method includes a logon server that comprises a user authentication procedure by which a user can logon to the logon server from any client in the network and uniquely identify itself to the logon server. The logon server also includes a library of usernames and passwords for the restricted resources chosen by each user and the ability to automatically log the users on to any of the restricted resources when selected by the user through a personal catalog maintained by the logon server. The disclosed system and method also includes various other features for providing user authentication and identity management in a network environment, such as the Internet.