In this paper, a three-party controlled quantum secure direct communication and authentication (QSDCA) protocol is proposed by using four particle cluster states via a quantum one-time pad and local unitary operations. In the present scheme, only under the permission of the controller, the sender and the receiver can implement secure direct communication successfully. But under any circumstances, Charlie cannot obtain the secret message. Eavesdropping detection and identity authentication are achieved with the help of the previously shared reusable base identity strings of users. This protocol is unconditionally secure in both ideal and practical noisy cases. In one transmission, a qubit of each four particle cluster state is used as controller’s permission and the same qubit with another qubit are used to recover two classical bits of information. In the proposed scheme, the efficiency is improved compared with the previous works.