Here is my code,problem is i'm able to login even with wrong username and password.
Can anybody tell wat is the mistake in my code..

using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using MySql.Data.MySqlClient;
using MySql.Data.Types;
using System.Data.Odbc;

public partial class _Default : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        string userName = Login1.UserName;
        string password = Login1.Password;

        string connetionString = null;
        connetionString = "Data Source=Localhost;Initial Catalog=employee_connect;User ID=root;Password=techsoft";
        MySqlConnection con = new MySqlConnection(connetionString);
        con = new MySqlConnection(connetionString);
        con.Open();
        MySqlDataAdapter da = new MySqlDataAdapter("Select * from admin", con);
        string thesql = "SELECT * FROM admin WHERE EmpName = @UserName AND Password = @Password";
        MySqlCommand cmd = new MySqlCommand(thesql, con);
        DataTable dt = new DataTable();
        DataSet ds = new DataSet();
        da.Fill(ds, "admin");
        ds.Tables.Add(dt);
        cmd.Parameters.AddWithValue ("@UserName", SqlDbType.NVarChar).Value = userName;
        cmd.Parameters.AddWithValue("@Password", SqlDbType.NVarChar).Value = password;
        foreach (DataRow r in dt.Rows)
        {
            if (r[1].ToString() == Login1.UserName && r[2].ToString() == Login1.Password)
            {
                e.Authenticated = true;
                Response.Redirect("login.aspx");
            }
        }
        con.Close();
        e.Authenticated = false;
        Response.Redirect("wrong.aspx");
        
    }
   
}

Hi, you have logic errors in your code. You are loading up your dataTable with the data using the SQL statement: "Select * from admin" and then checking against the rows in the table in your foreach loop. You never use the command object to extract the users that match the user name and password; that code is being used by anything as you never reset the dataAdapter's command object to that.
But that won't be causing your code to fail. Have you checked Username and Password are holding the correct values?