Using \" will not work, and you will not be able to use "" . What you have is correct.
However, to make it shorter, you can always use the Unicode: \x22 character escape code equivalent. Even shorter is the octal representation: \42 . Although both are shorter, they do not really help reading. Frequent regular expression users would realize that they represent a certain character, but they may not know which character to not look for. Also, you won’t be able to comment on this unless you plan on leaving comments on ASP.NET markup next to explain the regex.
However, I don’t really like how " . It looks weird and inappropriate, making \x22 or \42 look a little cleaner. Your call.
ValidationExpression="^[\w\d\s.,\x22'-]+$" ValidationExpression="^[\w\d\s.,\42'-]+$"
Ultimately, this allows you to reset 2-3 characters.
EDIT: Added an even shorter approach using octal representation.