Asp.net RegularExpression Validation not working properly

Question

I am trying to use the ASP.NET regularexpressionvalidator to apply a password policy that enforces the following policy:

Password should include at least 6 characters, at least one small letter, at least one Capital letter, at least one number, and at least one special character. Here is the expression:

^.(?=.{6,})(?=.\d)(?=.[a-z])(?=.[A-Z])(?=.[@#$%^&+=!-_()?]).*$

The strange thing I found is that it works fine except with the following scenario,

If I use all the required combination without special character such as Hello123" it finds it as valid password. below is the controls used for testing:

Any idea why?

Answer 1

Thanks guys, I found the problem. The special characters need to be escaped..

Answer 2

I think this will work for you:
(?=^.{6,}$)((?=.\d)(?=.[A-Z])(?=.[a-z])|(?=.\d)(?=.[^A-Za-z0-9])(?=.[a-z])|(?=.[^A-Za-z0-9])(?=.[A-Z])(?=.[a-z])|(?=.\d)(?=.[A-Z])(?=.[^A-Za-z0-9]))^.*

I am using it in an Asp.Net regular expression validator control to validate passwords with the same requirements that you have for your passwords.
The only problem is that I think it will allow the field to be empty, so I also use a required field validator.
Unfortunately I don't know enough about regular expressions to figure out why yours doesn't work.

Answer 3

I had a similar problem recently. Are you only seeing the problem in IE? You could be running into the regex lookahead bug.

check out my post and maybe it will help.