Your AuthenticateMe method seems a bit wrong and ineffective at authenticating the user:
- You use a reserved keyword (Table) without the proper delimiters (square brackets)
- You don't pass the username and the password to the query that checks if the user is present
- You call ExecuteReader twice (?)
- You check the value returned from the query against the same value used for the search (useless)
So you could rewrite the code in this way:
// requires: using System; using System.Data.SqlClient;
private bool AuthenticateMe(string userName, string password)
{
    string connectionString = @".....";
    // Parameterised query: the user-supplied values never become part of the SQL text
    string commandText = "SELECT COUNT(*) FROM [Table] WHERE Username = @name AND Pass = @pwd";
    using (SqlConnection sqlConnection1 = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(commandText, sqlConnection1))
    {
        sqlConnection1.Open();
        cmd.Parameters.AddWithValue("@name", userName);
        cmd.Parameters.AddWithValue("@pwd", password);
        // ExecuteScalar returns the single COUNT(*) value of the first row
        int result = Convert.ToInt32(cmd.ExecuteScalar());
        return (result > 0);
    }
}
Also, keep in mind that it is considered a bad practice to store the passwords in the database in plain text. Some kind of hash function should be applied to the stored password to prevent any security problem if someone gets a copy of the database.
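As an added example (not part of the answer above), this combines the parameterised lookup with the hashing advice: the row stores a per-user salt and a PBKDF2 hash, the query fetches those by username only, and the password is verified in application code with a constant-time comparison. The column names PasswordSalt/PasswordHash, the connectionString parameter and the PBKDF2 settings are assumptions; it targets .NET Core 3.0 / C# 8 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class PasswordAuth
{
    const int Iterations = 100_000;   // assumed work factor; tune to your hardware
    const int SaltSize = 16, HashSize = 32;

    // Called at registration: returns the salt and hash to store in the user's row.
    public static (byte[] salt, byte[] hash) HashPassword(string password)
    {
        byte[] salt = new byte[SaltSize];
        RandomNumberGenerator.Fill(salt);
        using var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
        return (salt, kdf.GetBytes(HashSize));
    }

    // Re-derives the hash from the candidate password and compares in constant time,
    // so a mismatch in the first byte costs the same as a mismatch in the last.
    public static bool Verify(string password, byte[] salt, byte[] expectedHash)
    {
        using var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
        byte[] actual = kdf.GetBytes(expectedHash.Length);
        return CryptographicOperations.FixedTimeEquals(actual, expectedHash);
    }

    // Looks up salt and hash by username (assumed column names), then verifies locally.
    // The password itself is never sent to SQL Server, so "Pass = @pwd" is no longer needed.
    public static bool AuthenticateMe(string connectionString, string userName, string password)
    {
        const string commandText =
            "SELECT PasswordSalt, PasswordHash FROM [Table] WHERE Username = @name";
        using var conn = new SqlConnection(connectionString);
        using var cmd = new SqlCommand(commandText, conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 256).Value = userName;
        conn.Open();
        using SqlDataReader reader = cmd.ExecuteReader();
        if (!reader.Read())
        {
            // Unknown user: still run the KDF on a dummy salt so the response time does not
            // reveal whether the username exists.
            Verify(password, new byte[SaltSize], new byte[HashSize]);
            return false;
        }
        return Verify(password, (byte[])reader["PasswordSalt"], (byte[])reader["PasswordHash"]);
    }
}
```

Store the two columns as VARBINARY(16) and VARBINARY(32); a login succeeds only if Verify returns true for the row that matches the username.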