diff --git a/src/AuthClientManager.cpp b/src/AuthClientManager.cpp
index b9fc673..65b15e6 100644
--- a/src/AuthClientManager.cpp
+++ b/src/AuthClientManager.cpp
@@ -29,11 +29,26 @@ bool AuthClientManager::needAuth() {
     return !authInfo.empty();
 }
 
+bool AuthClientManager::haveAuthUser(const std::string_view &user) {
+    auto &users = authInfo.get<AuthUser::USER>();
+    return users.contains(std::string{user});
+}
+
+std::shared_ptr<AuthClientManager::AuthUser>
+AuthClientManager::checkAuthUserOnly(const std::string_view &user) {
+    auto &users = authInfo.get<AuthUser::USER>();
+    auto it = users.find(std::string{user});
+    if (it != users.end()) {
+        return *it;
+    } else {
+        return {};
+    }
+}
+
 std::shared_ptr<AuthClientManager::AuthUser>
 AuthClientManager::checkAuth(const std::string_view &user, const std::string_view &pwd) {
     auto &userPwd = authInfo.get<AuthUser::USER_PWD>();
     auto it = userPwd.find(std::make_tuple(std::string{user}, std::string{pwd}));
-    //userPwd.contains(std::make_tuple(std::string{user}, std::string{pwd}));
     if (it != userPwd.end()) {
         return *it;
     } else {
diff --git a/src/AuthClientManager.h b/src/AuthClientManager.h
index ec7144d..ecea726 100644
--- a/src/AuthClientManager.h
+++ b/src/AuthClientManager.h
@@ -149,6 +149,10 @@ class AuthClientManager : public std::enable_shared_from_this<AuthClientManager>
 
     bool needAuth();
 
+    bool haveAuthUser(const std::string_view &user);
+
+    std::shared_ptr<AuthClientManager::AuthUser> checkAuthUserOnly(const std::string_view &user);
+
     std::shared_ptr<AuthClientManager::AuthUser> checkAuth(const std::string_view &user, const std::string_view &pwd);
 
     std::shared_ptr<AuthClientManager::AuthUser> checkAuth_Base64AuthString(const std::string_view &base64AuthString);
diff --git a/src/ProxyHandshakeUtils/Socks4ServerImpl.cpp b/src/ProxyHandshakeUtils/Socks4ServerImpl.cpp
index f3bac1a..4c76db7 100644
--- a/src/ProxyHandshakeUtils/Socks4ServerImpl.cpp
+++ b/src/ProxyHandshakeUtils/Socks4ServerImpl.cpp
@@ -127,6 +127,37 @@ void Socks4ServerImpl::do_analysis_client_first_socks4_header() {
                 |
                 d[3]
         );
+        if (ptr->authClientManager->needAuth()) {
+            // need auth
+            if (nullByteIndex[0] <= 8) {
+                // the len(USERID)==0, USERID not exist
+                BOOST_LOG_S5B_ID(relayId, error)
+                    << "do_analysis_client_first_socks4_header need auth but (nullByteIndex[1] <= 8), "
+                    << " need auth but no USERID";
+                do_handshake_client_end_error(92);
+                return;
+            } else {
+                // get and check username
+                auto username = std::string{
+                        d + 8,
+                        d + nullByteIndex[0]
+                };
+                BOOST_LOG_S5B_ID(relayId, trace) << "do_analysis_client_first_socks4_header auth username:" << username;
+
+                auto au = ptr->authClientManager->checkAuthUserOnly(username);
+                if (au) {
+                    BOOST_LOG_S5B_ID(relayId, trace)
+                        << "do_auth_client_read auth ok :[" << username << "]";
+                    ptr->tcpRelaySession->authUser = au;
+                    // ok
+                } else {
+                    BOOST_LOG_S5B_ID(relayId, trace)
+                        << "do_auth_client_read auth error :[" << username << "]";
+                    do_handshake_client_end_error(92);
+                    return;
+                }
+            }
+        }
         BOOST_LOG_S5B_ID(relayId, trace)
             << "do_analysis_client_first_socks4_header ptr->port:[" << ptr->port << "]";
         switch (d[1]) {