Well, it could be anything...but there are a few things you ought to do to prevent other problems:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:
string cmdstr = "select * from tbluser where username=@UN";
SqlCommand checkuser = new SqlCommand(cmdstr, con);
checkuser.Parameters.AddWithValue("@UN", TextBox1.Text);
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here:
Password Storage: How to do it.[
^]
3) Don't use VS default names for your controls. You may remember today what TextBox1 and Label3 are supposed to do, but you won't next month! Use meaningful names: tbUserName and labErrorMessage instead - it makes your code a lot easier to work with, and read.
In fact your basic problem is pretty easy to spot:
When you read from the table to match the password, what is returned is not what you want - it is a count of the rows that would be returned, if you had read them. So, it won't match teh entered passowrd unless the user decides to have "1" as his password.
Implement the stuff above, and try again. But really, you should look at introducing Membership instead - it's a lot easier than your whole system will be.
http://msdn.microsoft.com/en-us/library/yh26yfzy(v=vs.85).aspx[
^]