tags:

views:

99

answers:

2
+3  Q: 

Is it possible to use HTTPS certificates for licensing?

I am working on an application with multiple clients and a server running various web-services for the clients. To implement licensing I am thinking about using HTTPS as a protocol for the web-services using certificates that are issued by our company. By influencing the expiration date of a certificate for a client we can prevent them from using our software after their license term.

It this possible and does it make sense to you?

Additional information: I am planning on using Qt/C++ for the clients, and the Twisted framework for the web-services.

A: 

I don't think that will work, the client can opt to ignore any certificate errors, check out the RemoteCertificateValidationCallback event in System.Net.Security

http://msdn.microsoft.com/en-us/library/system.net.security.remotecertificatevalidationcallback.aspx

JonoW  2010-02-23 12:36:07
I should have mentioned that the clients are written in C++, and that the web-services will use the Twisted framework.
Ton van den Heuvel  2010-02-23 12:38:48
Ah sorry, don't know why I assumed c#, thought it was tagged as such (but it wasn't)
JonoW  2010-02-23 13:01:58
+1  A: 

It should work. I don't know Twisted well, but you can place an Apache proxy in front of the web service, and have that handle certificate based authentication.

As for the client side, watch this bug. libcurl should provide you with an escape route if Qt gives problems.

You'll need to think through the procedures around the CA, to make sure this works operationally: Are your sales and billing departments comfortable with issuing a hard cut-off date to each customer? Will the certificate be issued on purchase order, or payment of invoice?

Adrian Cox  2010-02-23 12:57:48

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?