Well there's an option where you can pull the UN/PW from the DB based on a query which checks against the UN only and confirm the PW against the associated PW for the UN you pulled.
In doing this, even if the PW is incorrect you still verify that the UN exists.
However, if you're not careful with the coding then you've now pulled the PW into the code-behind as a variable which is potentially accessible.
What you could do is have both functions as stored procedures on the SQL server however. Benefit of this is that the checks are all done on the SQL server and do not ever come across to the code-behind.
Basically... SP#1 = check if UN exists in SB
if SP#1 returns records == 1 then execute SP#2
SP#2 check if PW matches record for associated UN
if SP#2 returns records == 1 then execute login
else execute failedLogin