This is the sql you are executing
cmd = new SqlCommand("select * from UserProfile", con);
sdr = cmd.ExecuteReader();
You're getting all rows from the UserProfile table. For the first row you check if the username and password for that row matches what the user input and if it does it redirects to the home page and if it doesn't it redirects to the login page. A redirect stops the page executing so it's never going to get past the first row.
What you want to do is limit the sql to only retrieve the rows for the relevant user so you only need to do a password check. You add the username and password as params but don't use them. Something like;
cmd = new SqlCommand("select * from UserProfile where [Username]=@UserName and [Password]=@Password", con);
string username = txtUsername.Value;
string password = txtPassword.Value;
cmd.Parameters.Add("@UserName", SqlDbType.VarChar, 15);
cmd.Parameters.Add("@Password", SqlDbType.VarChar);
cmd.Parameters["@UserName"].Value = username;
cmd.Parameters["@Password"].Value = password;
sdr = cmd.ExecuteReader();
If you're doing logins like this just to learn then that's ok, but for any serious use you shouldn't store passwords in plain text, google for how to deal with password hashes and salt, there are plenty of articles out there that explain it.