ASP.NET RegularExpressionValidator False Trigger

Question

I'm validating a password that must be letters and digits with at least one digit and one upper case letter. I am using the following RegEx expression to do so:

(?=(^[a-zA-Z0-9]{6,16})$)(?=.*\d)(?=.*[A-Z])

Using this pattern, the password "Valid101" should be valid and it worked as expected at both A Better .NET Regular Expression Tester and REGEX TESTER. But, when I use it in my ASP.NET user control's RegularExpressionValidator it wrongly decides that password "Valid101" is not valid.

I'm hoping someone could suggest what might be wrong.

You may benefit from [Reference - Password Validation](https://stackoverflow.com/questions/48345922) — ctwheels, May 02 '18 at 16:32
You use 3 lookaheads and capture group 1 in the first lookahead, maybe you could try it by matching it as well without the capturing group [`^(?=[a-zA-Z0-9]{6,16}$)(?=.*\d)(?=.*[A-Z])[a-zA-Z0-9]+$`](https://regex101.com/r/KYcWIX/1) — The fourth bird, May 02 '18 at 16:35
The fourth bird comment did not work in ASP.NET. Looks like it was using the PHP regex processor. ctwheels Password Validation suggestion was useful in that it gave me the idea to remove the requirements that were at the root of the problem: must include at least one digit and one upper case letter. — CAK2, May 02 '18 at 20:29

score 1 · Accepted Answer · answered May 02 '18 at 16:58

The pattern you have only consists of zero-width assertions, of lookaheads. They do not consume the text they match, so the match value after the regex matches is an empty string. The RegularExpressionValidator requires a full string match (i.e. the string matched should be the whole input string).

So, instead of (?=(^[a-zA-Z0-9]{6,16})$)(?=.*\d)(?=.*[A-Z]) use

^(?=.*\d)(?=.*[A-Z])[a-zA-Z0-9]{6,16}$

It will assure there is a digit and an uppercase ASCII letter in the string, and then will match (consume) 6 to 16 ASCII letters and digits.

ASP.NET RegularExpressionValidator False Trigger

1 Answers1