protected void Login_Authenticate(object sender, AuthenticateEventArgs e) { var query = @"select username, password from [Admin]"; using (var command = new SqlCommand(query)) { var reader = DatabaseInstance.Execute(command); while (reader.Read()) { if ((string)reader[0] == Login.UserName && (string)reader[1] == Login.Password) { e.Authenticated = true; Session["login"] = true; return; } } reader.Close(); } }