Need help with ASP.NET beginner login application

I created this simple login page. It's supposed to display in the label text like "Wrong user" when user doesn't exist, "Wrong password" when password entered is incorrect, etc.

But whenever I try and login it ALWAYS displays "Wrong user" when the user does exist in the table. I have entered usernames and passwords manually, not using any stored proceedure for that in this application.

Here's the code; please tell me what am I doing wrong. Apparently it's some logical error.

Default.cs file:

using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class _Default : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection();

    protected void Page_Load(object sender, EventArgs e)
    {
        con.ConnectionString = ConfigurationManager.ConnectionStrings["cn"].ConnectionString;
        if (con.State == ConnectionState.Closed)
        {
            con.Open();
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        Int32 d = checkUser(UserName.Text, Password.Text);
        if (d == -1)
        {
            Label1.Text = "Wrong user";

        }
        if (d == -2)
        {
            Label1.Text = "Wrong password";
        }

        if (d == 2)

        {
            Label1.Text = "Login Successful";

        }
    }


    private Int32 checkUser(String u, String p)
    {
        SqlCommand cmd = new SqlCommand();
        cmd.CommandText = "LogInCheck";
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Connection = con;
        cmd.Parameters.Add("@u", SqlDbType.VarChar, 50).Value = u;
        cmd.Parameters.Add("@p", SqlDbType.VarChar, 50).Value = p;
        SqlParameter p1 = new SqlParameter("@ret", SqlDbType.Int);
        p1.Direction = ParameterDirection.ReturnValue;
        cmd.Parameters.Add(p1);
        cmd.ExecuteNonQuery();
        Int32 k = Convert.ToInt32(cmd.Parameters["@ret"].Value);
        return k;
    }
}

.aspx file:

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title>Untitled Page</title>
    </head>
    <body>
        <form id="form1" runat="server">
            <div>
                Username :&nbsp;
                <asp:TextBox ID="UserName" runat="server"></asp:TextBox>
                <br />

                Password :
                <asp:TextBox ID="Password" runat="server" TextMode="Password"></asp:TextBox>
                &nbsp;

                <asp:Button ID="Button1" runat="server" Text="Login" onclick="Button1_Click"/>
                <br />

                <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
            </div>
        </form>
    </body>
</html>

My stored procedure, LogInCheck:

ALTER PROCEDURE LogInCheck
    (
        @u varchar(50),
        @p varchar(50)
    )

AS
    Declare @ap varchar(50)
    Se开发者_StackOverflowlect @ap from tbuser where uname=@u
    if @ap is null
        begin
            return -1
        end
    else
        if @ap=@p
            return 1
        else
            return -2

Your select query is not putting any value into @ap. Try this:

Select @ap=<col_name> from tbuser where uname=@u

Update Try putting a begin and end after you've started your main else.

Declare @ap varchar(50)
Select @ap from tbuser where uname=@u
if @ap is null
begin
return -1
end
else 
begin         --Here
if @ap=@p
return 1
else 
return -2
end          --And here