Change Your COde
SqlConnection con = new SqlConnection(conDb);
con.Open();
SqlCommand cmd = new SqlCommand("Select * from Login where Username=@username and Password=@password", con);
cmd.Parameters.Add("@username", SqlDbType.VarChar);
cmd.Parameters["@username"].Value = this.TextBox1.Text;
cmd.Parameters.Add("@password", SqlDbType.VarChar);
cmd.Parameters["@password"].Value = this.TextBox2.Text;
SqlDataReader dr = null;
dr = cmd.ExecuteReader();
if (dr.HasRows)
{
Response.Redirect("Default.aspx?username=" + this.TextBox1.Text);
}