Regular Expression for Password Validation in C#

Regular Expression for password validation

There seems to be a lot of confusion here. The answers I see so far don't correctly enforce the 1+ number/1+ lowercase/1+ uppercase rule, meaning that passwords like abc123, 123XYZ, or AB*&^# would still be accepted. Preventing all-lowercase, all-caps, or all-digits is not enough; you have to enforce the presence of at least one of each.

Try the following:


If you also want to require at least one special character (which is probably a good idea), try this:


The .{8,15} can be made more restrictive if you wish (for example, you could change it to \S{8,15} to disallow whitespace), but remember that doing so will reduce the strength of your password scheme.

I've tested this pattern and it works as expected. Tested on ReFiddle here:

Edit: One small note, the easiest way to do this is with 3 separate regexes and the string's Length property. It's also easier to read and maintain, so do it that way if you have the option. If this is for validation rules in markup, though, you're probably stuck with a single regex.

Validating password using regex c#

I recommend you create separate patterns to validate the password:

var input = "P@ssw0rd";

var hasNumber = new Regex(@"[0-9]+");
var hasUpperChar = new Regex(@"[A-Z]+");
var hasMinimum8Chars = new Regex(@".{8,}");

var isValidated = hasNumber.IsMatch(input) && hasUpperChar.IsMatch(input) && hasMinimum8Chars.IsMatch(input);

Regular expression for password validation in c#

You forget to put closing paranthesis in the first lookahead. And also you need to add .* after all the lookaheads because lookrounds are zero width assertions, it won't match any character but only assert whether a match is possible or not.

var rule = new Regex(@"^(?=.{8,16}$)(?=.*?[a-z])(?=.*?[A-Z])(?=.*?[0-9]).*$");


Regular Expression for Password Validation C#

Give this a whirl


Fits your specification I believe. From the look of your current regex youll be able to understand it but if not comment and ill explain.

Regex for default ASP.NET Core Identity Password

so, use

  • ^: first line
  • (?=.*[a-z]) : Should have at least one lower case
  • (?=.*[A-Z]) : Should have at least one upper case
  • (?=.*\d) : Should have at least one number
  • (?=.*[#$^+=!*()@%&] ) : Should have at least one special character
  • .{8,} : Minimum 8 characters
  • $ : end line

for more information: this

Regex for complex password validation

You can use this regex

--------- --------------------- --------------- -----
| | | |->match 8 or more characters
| | |->match further only if theres anything except letter or digit
| |->match further only if there is an upper-lower case letter
|->match further only if there are two digits anywhere


Regular expression for password complexity

try this regex here:


( # Start of group
(?=.*\d) # must contains one digit from 0-9
(?=.*[a-z]) # must contains one lowercase characters
(?=.*[A-Z]) # must contains one uppercase characters
(?=.*[@#$%]) # must contains one special symbols in the list "@#$%"
. # match anything with previous condition checking
{8,40} # length at least 8 characters and maximum of 40

Related Topics

Leave a reply