using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Data.SqlTypes;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }


    protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e)
    {
        bool Authenticated = false;
        Authenticated = SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);
        e.Authenticated = Authenticated;
        if (Authenticated == true)
        {
            Response.Redirect("website6/Home.aspx");
        }

    }
    private bool SiteLevelCustomAuthenticationMethod(string UserName, string Password)
    {
        bool boolReturnValue = false;
        // Insert code that implements a site-specific custom 
        // authentication method here.
        // This example implementation always returns false.
        string strConnection = "Server=.;Initial Catalog=Doctors;Integrated Security=True";
        SqlConnection Connection = new SqlConnection(strConnection);
        String strSQL = "Select username,password From users";
        SqlCommand command = new SqlCommand(strSQL, Connection);
        SqlDataReader Dr;
        Connection.Open();
        Dr = command.ExecuteReader();
        while (Dr.Read())
        {
            if ((UserName == Dr["username"].ToString()) & (Password == Dr["Password"].ToString()))
         [COLOR="red"]  [B]{
                boolReturnValue = true;
            }[/B][/COLOR]


        }
        Dr.Close();
        return boolReturnValue;

Edited 3 Years Ago by mike_2000_17: Fixed formatting

if ((UserName == Dr["username"].ToString()) & (Password == Dr["Password"].ToString()))

improper syntax. Needs two && signs; No capital P in your select statement.

moreover, you should not grab every record in the users DB. Instead, grab the record that pertains to you:

SELECT password FROM Users WHERE username=@username

command.parameters.addwithvalue("@username, UserName)

DR = command.ExecuteReader()
...

This article has been dead for over six months. Start a new discussion instead.