diff --git a/demo/db_auth.py b/demo/db_auth.py
index 14b18e1..c917fd9 100644
--- a/demo/db_auth.py
+++ b/demo/db_auth.py
@@ -1,23 +1,35 @@
 import asyncio
+import sqlalchemy as sa
 from aiohttp_security.authorization import AbstractAuthorizationPolicy
+from . import db
+
 class DBAuthorizationPolicy(AbstractAuthorizationPolicy):
 def __init__(self, db_pool):
 self.db_pool = db_pool
+ @asyncio.coroutine
+ def authorized_user_id(self, identity):
+ with (yield from self.db_pool) as conn:
+ where = [db.users.c.login == identity,
+ not db.users.c.disabled]
+ query = db.users.count().where(sa.and_(*where))
+ ret = yield from conn.scalar(query)
+ if ret:
+ return identity
+ else:
+ return None
+
 @asyncio.coroutine
 def permits(self, identity, permission, context=None):
+ with (yield from self.db_pool) as conn:
+ where = [db.users.c.login == identity,
+ not db.users.c.disabled]
 record = self.data.get(identity)
 if record is not None:
 # TODO: implement actual permission checker
 if permission in record:
 return True
 return False
-
- @asyncio.coroutine
- def authorized_user_id(self, identity):
- with (yield from self.db_pool) as conn:
- conn
- return identity if identity in self.data else None
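Review bot: In `authorized_user_id` the second filter is written `not db.users.c.disabled`, which applies Python's `not` to the column object while the list is being built instead of producing a SQL `NOT` predicate. The disabled-account check therefore never reaches the query as intended; it either raises or degrades to a constant, depending on how SQLAlchemy treats truthiness of that column. Use `sa.not_(db.users.c.disabled)` there, and in the identical `where` list added to `permits`. In `permits` the new connection and `where` list are never used, and the method still reads `self.data`, which the `__init__` shown in this hunk never sets, so the permission check looks unfinished and should fail closed until the query is wired in.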