You get the error because you're trying to open the connection before you've even set the connection string:
con.Open()
cmd.Connection = con
con.ConnectionString = "Data Source=lotus-pc\sqlexpress; Initial Catalog=LawyerSystem; Integrated Security= true"
Change this to:
con.ConnectionString = "Data Source=lotus-pc\sqlexpress; Initial Catalog=LawyerSystem; Integrated Security= true"
con.Open()
cmd.Connection = con
One more thing, this code is very vulnerable to SQL injection:
cmd.CommandText = "SELECT * FROM [users] WHERE (username='" + TextBox1.Text + "')AND (password='" + TextBox2.Text + "' )"
By concatenating unsanitized user input directly into SQL statements you leave yourself wide open. Start parameterizing your queries:
http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspx
Take a look at:
https://www.owasp.org/index.php/SQL_Injection
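The parameterized form of the login query above, as an added example that is not part of the original answer. The table, column and control names and the connection string come from the post; the module and function names and the `NVarChar(50)` parameter types are assumptions to adjust to the real schema.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module LoginCheck
    ' Connection string as given in the answer.
    Private Const ConnStr As String =
        "Data Source=lotus-pc\sqlexpress; Initial Catalog=LawyerSystem; Integrated Security= true"

    ' Hypothetical helper: returns True when a row in [users] matches both values.
    ' The SQL text is a constant; user input travels only as parameter values,
    ' so a quote character typed into either text box stays data and cannot
    ' change the structure of the statement.
    Function UserExists(username As String, password As String) As Boolean
        Const sql As String =
            "SELECT COUNT(*) FROM [users] " &
            "WHERE username = @username AND password = @password"

        ' Using disposes the command and closes the connection even on error.
        Using con As New SqlConnection(ConnStr), cmd As New SqlCommand(sql, con)
            ' Explicit type and size (assumed here) avoid per-call type
            ' inference and keep the cached query plan stable.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password

            ' The connection string is already set by the constructor,
            ' so Open() is safe to call at this point.
            con.Open()
            Return CInt(cmd.ExecuteScalar()) > 0
        End Using
    End Function

    ' Usage from the form's button handler:
    '   If UserExists(TextBox1.Text, TextBox2.Text) Then ... End If
End Module
```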