1) Don't store your passwords in clear text - it is a major security risk. Hash them instead: Password Storage: How to do it.
2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is a major problem with a web site, and when the login code can easily destroy your database it is a very foolish way to start...
3) Are you by any chance checking for login in your master page? And directing to the login page from there? Because if you are, then you probably shouldn't use the master page for your login error report page, should you...
Don't do it like that - implement Membership instead. It covers probably everything you need and is a lot quicker, and more reliable than "brewing your own" as you are. The link guides you through, but it shouldn't take you more than 30 minutes in total.
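
Points 1 and 2 above, as an added example that is not part of the original answer: a login check in Python against an in-memory SQLite database, using bound parameters and a salted PBKDF2 hash instead of string concatenation and clear-text passwords. The table layout, function names and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000        # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware
DUMMY_SALT = os.urandom(16)  # used to keep timing similar when the user does not exist


def new_db() -> sqlite3.Connection:
    """Create the (hypothetical) users table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte hash; only this value and the salt are ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(db: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # unique random salt per user
    # The ? placeholders bind values as data; they are never parsed as SQL text.
    db.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )


def check_login(db: sqlite3.Connection, username: str, password: str) -> bool:
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        hash_password(password, DUMMY_SALT)  # do the same work, then reject
        return False
    salt, stored = row
    # Constant-time comparison of the stored hash and the recomputed one.
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    db = new_db()
    # Constructed sample data: a name with an apostrophe breaks concatenated SQL
    # by accident, but is stored and matched as plain data here.
    create_user(db, "o'brien", "correct horse")
    print(check_login(db, "o'brien", "correct horse"))  # True
    print(check_login(db, "o'brien' --", "anything"))    # False
```
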