diff --git a/Femto.Modules.Auth/Application/Services/AuthService.cs b/Femto.Modules.Auth/Application/Services/AuthService.cs
index 4fb9323..1a9f868 100644
--- a/Femto.Modules.Auth/Application/Services/AuthService.cs
+++ b/Femto.Modules.Auth/Application/Services/AuthService.cs
@@ -15,10 +15,17 @@ internal class AuthService(AuthContext context, SessionStorage storage) : IAuthS
         CancellationToken cancellationToken = default
     )
     {
-        return await context
+        var user = await context
             .Users.Where(u => u.Username == username)
-            .Select(u => new UserInfo(u.Id, u.Username, u.Roles.Select(r => r.Role).ToList()))
             .SingleOrDefaultAsync(cancellationToken);
+        
+        if (user is null)
+            return null;
+
+        if (!user.HasPassword(password))
+            return null;
+        
+        return new UserInfo(user.Id, user.Username, user.Roles.Select(r => r.Role).ToList());
     }
 
     public Task<UserInfo?> GetUserWithId(Guid? userId, CancellationToken cancellationToken)