To simplify creating and managing users in ASP.NET Microsoft created a lot of infrastructure that takes care of this boilerplate task. Part of the infrastructure is

aspnet_regsql.exe

utility that is supposed to create relevant tables on an SQL server. The trouble is, if you use SQL server authentication, the utility does not like passwords with funky characters. It looks like they get added to the connection string verbatim, and thus you get

System.ArgumentException: Format of the initialization string does not conform to specification starting at index 31.

Looks like they just append the passwords to the connection string, verbatim without escaping. Way to go (not)!