授权不捕获无效的用户名并且在角色上失败

Question

我正在使用以下内容进行授权和登录例程，但是当我收到输入用户名和无效用户名的用户时，当读者的记录集为空时，它的doest似乎也会被捕获，但它不包含任何角色炸弹在角色线上。

int userId = 0;
string roles = string.Empty;
string constr = ConfigurationManager.ConnectionStrings["SchoolSql"].ConnectionString;
            using (SqlConnection con = new SqlConnection(constr))
            {
                using (SqlCommand cmd = new SqlCommand("Validate_User"))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    cmd.Parameters.AddWithValue("@Username", txtUsername.Text.Trim());
                    cmd.Parameters.AddWithValue("@Password", txtPassword.Text);
                    cmd.Connection = con;
                    con.Open();
                    SqlDataReader reader = cmd.ExecuteReader();
                    reader.Read();
                    if (reader.HasRows)
                    {

                        userId = Convert.ToInt32(reader["UserId"]);
                        roles = reader["Roles"].ToString();
                    }
                    con.Close();
                }
                switch (userId)
                {
                    case -1:
                        lblerror.Text = "Username and/or password is incorrect.";
                        lblerror.Visible = true;
                        break;
                    case -2:
                        lblerror.Text = "Account has not been activated.";
                        lblerror.Visible = true;
                        break;
                    default:
                        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, txtUsername.Text.Trim(), DateTime.Now, DateTime.Now.AddMinutes(2880), chkRemberMe.Checked, roles, FormsAuthentication.FormsCookiePath);
                        string hash = FormsAuthentication.Encrypt(ticket);
                        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hash);

                        if (ticket.IsPersistent)
                        {
                            cookie.Expires = ticket.Expiration;
                        }
                        Response.Cookies.Add(cookie);
                        Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text.Trim(), chkRemberMe.Checked));
                        lblerror.Visible = false;
                        break;
                }
            }
        }

它在roles = reader中抛出异常。我也在下面包含了我的存储过程

--[Validate_User] 'admin', '12345'
ALTER  PROCEDURE [dbo].[Validate_User]
    @Username NVARCHAR(20),
    @Password NVARCHAR(20)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @UserId INT, @LastLoginDate DATETIME, @RoleId INT

    SELECT @UserId = UserId, @LastLoginDate = LastLoginDate, @RoleId = RoleId 
    FROM Users WHERE Username = @Username AND [Password] = @Password 

    IF @UserId IS NOT NULL
    BEGIN
        IF NOT EXISTS(SELECT UserId FROM UserActivation WHERE UserId = @UserId)
        BEGIN
            UPDATE Users
            SET LastLoginDate =  GETDATE()
            WHERE UserId = @UserId 

            SELECT @UserId [UserId], 
                    (SELECT RoleName FROM Roles 
                     WHERE RoleId = @RoleId) [Roles] -- User Valid
        END
        ELSE
        BEGIN
            SELECT -2 [UserId], ''  RoleName-- User not activated.
        END
    END
    ELSE
    BEGIN
        SELECT -1 [UserId], '' RoleName -- User invalid.
    END
END