First off, don't use a masked text box unless you are forcing users to have formatted passwords such as AAAA-BBBB - use a standard textbox and set the
UseSystemPasswordChar[
^] property to mask it.
Second, checking for an empty password is simple:
.NET up to V3.5
if (string.IsNullOrEmpty(txtBoxPassword.Text))
{
}
.NET from V4.0
if (string.IsNullOrWhiteSpace(txtBoxPassword.Text))
{
}
Thirdly, don't report a separate error: Use a generic "the username and password were not recognised" - if you report of specific password problems it tells hackers when they have a valid username.
Fourthly, ever store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]