There are several things wrong here:
1) Never hard code connection strings: they should be in configuration files, because they will normally be different for development and production: production will use a server based system that multiple machines connect to using an ID and password, developement if often done on a local installation using LOCALHOST and integrated security.
2) Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
3) Probably, your SQL database column, isn't called "usernmae", but "username"
4) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]
5) If all you are interested in is a number of rows, then use
SELECT COUNT(*)
and call ExecuteScalar to return a single value instead of wasting time and resources constructing datatables you will never use.
6) Think about your conditions:
if (dt.Rows.Count >= 0)
If there are no matches in the DB, is that really a successful login?