First of all, you should try to find the correct row from Login table, not to get all rows and loop through them. This would mean something like
SELECT *
FROM Login
WHERE UserName = @username
AND HashedPassword = @hashedpassword
Before executing the statement, set proper values to the bind variables using
SqlParameter[
^]
About the password. Don't store the password as plain text or even encrypted, use one way hashing. A good read about the subject is
Password Storage: How to do it.[
^]