How can I restrict/prevent .net code execution on internet?

Question

I develop a series of .NET class libraries and I don't want them to run from a web site. That is, users could only use/call my libraries through windows desktop applications. For example I don't want the users to be able to use these libraries in an ASP.NET web application, on a web site. Is there a way to achieve this?

Answer 1

No. Even if you were to stop your library from running under IIS, somebody could still run a desktop app with your library, and communicate with it from IIS.

Answer 2

You can prevent your code from running in a server-side ASP.Net AppDomain by checking whether HttpRuntime.AppDomainAppVirtualPath is not null and throwing an exception.

However, that won't stop someone from running your app in a separate AppDomain from ASP.Net, and it certainly won't stop someone from runnng the app as a service and exposing it to ASP.Net using WCF or named pipes.

Why are you trying to do this?

EDIT: To answer your comment, that's also impossible to do perfectly. You could check the HOST header, and someone could defeat it using SimpleWorkerRequest.
In addition, anything can be beaten by editing the assembly. (No obfuscator is perfect)

Answer 3

No, not really.

However, depending on what your application is you may be able to cripple it's application for use online. If you use named mutexes you can ensure only 1 operation ever starts at any one time. Similar to starting 1 instance of a desktop application, you ensure that all calls to DoWork() for example are sequential.

This means that using the web, they couldn't make repeated calls. But it does depend on how you envisage it's use in a desktop app.

Answer 4

Just as the other solutions not very safe, but you could check if a message loop is running using Application.MessageLoop which should typically be true for WinForms applications but not for web applications.