Is there a Windows absolute time for timestamps? (.NET)

Question

I'm working with a WPF/C# app where I need to lock out users from accessing a particular feature for some amount of time. Basically, from the time a certain event happens, I want to prevent certain access for the next 24 hours.

The simple case:

• Event happens, save timestamp (using DateTime or similar)
• User tries to access area 15 hours later, compare Now to timestamp... block
• User tries to access area 25 hours later, compare Now to timestamp... allow

All good. However, the user has the ability to change the system time, which royally screws me. They can simply set the system time 24 hours ahead and my app will be none the wiser.

I'm assuming that changing the time in Windows makes its way to the system's real time clock... so is there any free running timer that is independent of the system clock? One that the user can't mess with?

Any insight is appreciated.

Answer 1

Environment.TickCount doesn't change with system time changes but it resets on reboots. One option is an HTTPS secured web service and a certificate policy that does not allow certificate validation failures. Otherwise it would be pretty trivial to spoof the response from the service.

Back when I first started selling software I was very paranoid about piracy and such. Not that I'm suggesting your purposes is the same. But I came to the conclusion that people generally won't mess with their system time because it screws up so many other things on their computer that it's not worth the hassle. Naturally different applications will have different integrity requirements but I just thought I'd add this bit.

Answer 2

Not really. The only reliable absolute timer is an external one, under your control or the control of someone you trust, such as one of the time servers on the Internet (e.g. time.windows.com). You could access these using a NTP or SNTP library such as the one posted at http://www.codeproject.com/KB/IP/ntpclient.aspx. Of course, in this case (as per a comment to Josh's answer) you need to consider what to do if you are unable to reach the time server, e.g. the user disconnects the machine from the network.

You can use Environment.TickCount to get the time since the system started, which the user can't mess with -- but if the user or somebody else reboots the system then this will get restarted, so it's not reliable for the purpose you require.

Answer 3

No, there is no absolute knowledge of what time it is in Windows, how could there be? If you need a reliable timestamp, then you need to get one from a reliable location on the internet. One that the user can't mess with.

You could get the time from a Network time service, or go to www.time.gov and scrape the time out of the html that you get back. http://www.time.gov/about.html

Or just live with the few users willing to set their clock forward.

Answer 4

To get an absolute time stamp, try an NTP request to one of the (free) NIST time servers

Answer 5

Using a Windows service, you could fake an absolute elapsed time, by logging when the system time is updated.

This would require that you're able to install a service on the machine, of course, and that your users aren't clever enough to root it out.

Here's some info on trapping the WM_TIMECHANGE message in a .NET service: detecting a wm_timechange event in a .net windows service