There are too many flaws in your code. First of all how do you bind your dropdown list? Have you hard coded it(you have included listitems in aspx page)? Why do you need a postback when dropdownlist's selected index is changed when you are validating user's credentials on button's click? You are validating user or admin in two parts (user id and password seperately)! Suppose there are two users user1 and userr2 user1 has password password1 and user2 has password password2, now when user1 logs in he enters username: user1 and password: password2. This is incorrect information, still your code will authenticate the user and allows him to log in. And same goes for Admin. In order to make it work, follow these steps:
1) Ask the user to enter its user id and password and select the type from dropdownlist(user or admin)
2) Apply proper server-side and client-side validation before checking the information against database.
3) write two functions to validate users validateUser(string _userName, string _password) and validateAdmin(string _userName, string _password)
4) On button's click event write:
if(DrpType.SelectedItem.Text == "Admin")
Both the functions should validate the user based on username "and" password.
Hope it helps.