Don't use a Regex to do it all - they are too complex to maintain when password rules change.
Instead, do it in C# code:
private string SpecialsAllowed = "!£$%^&*()_-=+.,";
public bool IsValidPassword(string pw)
{
if (string.IsNullOrWhiteSpace(pw)) return false;
pw = pw.Trim();
if (pw.Length < 8) return false;
if (!pw.Any(c => char.IsUpper(c))) return false;
if (!pw.Any(c => char.IsLower(c))) return false;
if (pw.Intersect(SpecialsAllowed).Count() == 0) return false;
return true;
}
It's a lot clearer, and a lot simpler to modify when the rules change.
[edit]Union changed to Intersect :doh:[/edit]