Your SP has
where user_name = isnull(@uname,user_name)
which means passing a null user name and password will return every record on the table - you just don't need the Isnull - use
where user_name = @uname
In your C# you ExecuteNonQuery - but you are executing a query! You probabl;y want to execute this and look at the returned records - there will be zero records for an invalid user name and password.
If you do just want a test (my log ins usually return some user data too so I can display "welcome Back Max instead of Welcome Back Maxxxx0192) you could change the Sp to return a value - something like
if exists(select 1 from usertable where name=@name and pwd=@pwd)
return 1
else
return 0
Then - in your code you execute the query then set the labelto visible - I assume you were expecting an exception on the executeNonQuery -= you won't get one unless your SP is invalid - i.e. syntactically incorrect.
So you need to do
int result = cmd.,ExecuteNonQuery
then test result for 0 or 1.