The story thus far:

You’ve decided to make a SharePoint website available, but don’t want to use active directory to manage your users. You can either use an off the shelf MembershipProvider https://msdn.microsoft.com/en-us/library/f1kyba5e.aspx (which I highly recommend) or roll your own (which starts out looking like only a little bit of work, and then turns out to be a lot by the time you implement lockout, change password, account expiration, etc). The reason you’d want to roll your own is if you are keeping your membership information in your own schema and don’t want to take the time to convert to the aspnetsqlmembership http://msdn.microsoft.com/en-us/library/system.web.security.sqlmembershipprovider.aspx provider, or you need to communicate with some other system via an api.

So, after you’ve inserted your membership provider into SharePoint, you need a way for your users to change their passwords. Easy, stick a ChangePassword http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.changepassword.aspx control onto an application page, and you’re good to go.

Then you notice, the PasswordRegularExpression used in the MembershipProvider isn’t working for the client side validation in IE. No one you know uses IE – but some user somewhere might complain about it someday. Best to look into it now.

You’ve set this regular expression on the ChangePassword.NewPasswordRegularExpression:

NewPasswordRegularExpression = '@\"(?=.{7,})(?=(.*\d){1,})(?=(.*\W){1,})'

The reason IE does not validate correctly is bceause you’ve used the look ahead assertion ?= in the regular expression, which is only available in javascript version 1.5 and up. IE 6 and IE7 are only running with javascript 1.3.

Solution? Well, you need to break the regular expression up into multiple ones, and stick the regular expression validators on the changepassword template. Would be nice if you could plug a new javascript version into IE for your users, but that’s a different story altogether.