I have a code that should test a login. When I execute literally, it works, returning one row (that's expected). When I use parameters on sqlcommand, I don't get any row.

It works (literal values for username and password):

string strConn = 'string connection';
SqlConnection conn = new SqlConnection(strConn);
SqlCommand sqlCommand = new SqlCommand();
sqlCommand.Connection = conn;
sqlCommand.Parameters.Clear();
sqlCommand.CommandText = @"select *
                           from
                              Usuario
                           where
                              Username = 'test' and
                              Password = CONVERT(VARCHAR(32), ashBytes('MD5', 'test'), 2)";

conn.Open();
SqlDataReader ret = sqlCommand.ExecuteReader();

But it doesn't work (parameters values for username and password):

string strConn = 'string connection';
SqlConnection conn = new SqlConnection(strConn);
SqlCommand sqlCommand = new SqlCommand();
sqlCommand.Connection = conn;
sqlCommand.Parameters.Clear();
sqlCommand.CommandText = @"select *
                           from
                              Usuario
                           where
                              Username = @login and
                              Password = CONVERT(VARCHAR(32), ashBytes('MD5', @pass), 2)";

SqlParameter user = new SqlParameter("@login", SqlDbType.NVarChar, 50) { Value = "test" };
SqlParameter pass = new SqlParameter("@pass", SqlDbType.NVarChar, 50) { Value = "test" };

List<SqlParameter> list = new List<SqlParameter>();
list.Add(user);
list.Add(pass);

sqlCommand.Parameters.AddRange(list.ToArray<SqlParameter>());

conn.Open();
SqlDataReader ret = sqlCommand.ExecuteReader();

I don't have an sintax error or something like that. The second code just don't returns rows. I've tried to use sqlCommand.Parameters.AddWithValue, but I have no success too.