views:

289

answers:

2

Hello,

I am trying to use Dotfuscator (CE) to help protect our ASP.NET MVC .ddl. Its a web application that will be distributed to clients and we need a way to protect our IP.

The problem is that it appears to break the application once completed. I've only got so far with disabling renaming on my Controllers namespace but I'm get null reference exceptions now.

Has anyone got Dotfuscator working with ASP.NET MVC DLL's? Google provides no possible blog posts or information.

Thanks.

Other details:

Visual Studio 2008 Professional,

Windows Vista Business x64,

Registered my Dotfuscator but not had an email with a download link for the upgraded CE edition.

Or can anyone suggest a relatively cheap tool that would work properly?

+6  A: 

I don't think that will work because ASP.NET MVC relies so heavily on reflection.

I have successfully obfuscated an ASP.NET MVC application using SmartAssembly and the control-flow-obfuscation option it has. That does't change the name of your class members but instead changes the code in your methods into spaghetti code.

Jesper Palm
+1  A: 

It is true that ASP. NET MVC relies heavily on reflection, and therefore you cannot obfuscate the type or properties which will be reflected. However, I would argue that there is no need to obfuscate most of this stuff anyway. Your controller names and action names are already public, since they appear in URIs. Your presentation models are essentially public as well, since they should be designed like your view, and since end-users can see your view.

Your controllers should be very lightweight, and simply bind objects from a repository to your presentation models. So there is little intellectual property to hide here.

The code you would actually want to obfuscate would presumably be your business logic, which can very easily live in a separate assembly. So my suggestion would be that rather than trying obfuscator after obfuscator, and trying to find one which seems to work (except for those bugs which you miss, but your users find later on), that you instead partition the code which is important to obfuscate and his not so dependent on reflection.

Craig Stuntz