We can't be accurate from that little - we would need better info on your code, and what username / password combinations work and which don't to be specific.
But...
The "Normal" reason for this is pretty simple:
When the code concatenates strings to build an SQL command:
string sql = "SELECT * FROM users WHERE username=" + textBoxUserName.Text + " AND password=" + textboxPassword.Text;
Because any "oddities" in the name or password are passed through to SQL and it tries to understand them and fails. This is a spectacularly silly way to do things, as it also leave you wide open to SQL Injection attack which can damage or destroy your database. For a website to do this with it's login screen is suicidal as you do not even have to know a valid username to delete the DB, much less a valid password as well. Use Parameterized queries and both problems go away - your current one and the SQL Injection.
In addition, anything which stores the password in clear text is a major security risk! See here:
Password Storage: How to do it.[
^]
Submit an article or tip