Firstly it is creating SqlConnection object but not open connection.
Secondly always use parameterized query to avoid SQL Injection. Here is the complete code:
SqlConnection con = new SqlConnection("Data Source=USER-PC;Initial Catalog=Test;Integrated Security=True");
con.Open();
SqlDataAdapter sda = new SqlDataAdapter("select role from login where username = @uid and password = @pwd",con);
da.SelectCommand.Parameters.AddWithValue("@uid", textBox1.Text);
da.SelectCommand.Parameters.AddWithValue("@pwd", textBox2.Text);
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows.Count==1)
{
}
con.Close();