That's not good. You are doing a number of nasty things there.
First off you are using class variables for things that should be local: your connection and reader. Worse, they are
static
!
You are using a
using
block for your command, but manually closing the reader.
You are doing irrelevant tests:
if (rdr.HasRows == true) {
while (rdr.Read() == true) {
So you compare a value that is already a bool with a fixed bool? Just say:
if (rdr.HasRows) {
while (rdr.Read()) {
It's a lot easier to read.
You use a loop on your reader when there should - by definition - be only one matching row. If there are two, there is something seriously wrong with your data!
Your exception catching is not good - you catch all exceptions (which is not recommended) and then report it as a single error in configuration before discarding all the information that might help you diagnose the problem.
There are two comments in the whole code: and they are redundant and misleading.
You have specified the columns you retrieve from your DB - which is good - but you retrieve information you already have and access the data via numeric indexes in a different method - so any changes you make have to be in two separate places.
But the worst thing is your whole process: storing passwords in text is a very bad idea.
Code Crime 1[
^]
Have a look here:
Password Storage: How to do it.[
^]