How to obfuscate web app before publishing?

Question

I have a Visual Studio 2008 solution with number of DLLs and web application uses them as a main project. It's a commercial banking and accounting software (thin client) and I don't want a client getting access to the source in circumvention of mine.

I want to obfuscate all resulting assemblies before publishing them onto a web server via menu Publish.

How can I do that? How to insert obfuscating step before building and publishing? Using msbuild?

Edit: Thanks to everybody for answering! But my question is more about concrete task (obfuscating in VS on publishing) than about obfuscating in general.

Answer 1

where do expect hijacking from? from users or from hoster? First you shouldn't put source codes on site, just compiled assemblies, second you should put assemblies in folders where users can't access them. If you are afraid of hoster you should use obfuscator, just google them there are a lot of in the market.

Answer 2

Never send anything to the client that you don't trust them with. Ever. If the language you are using requires sending trusted information to non-trusted clients, it is being stupid.

Answer 3

See this post: http://stackoverflow.com/questions/506282/protect-net-code-from-reverse-engineering

Effectively, there's nothing you can do to completely protect your code from reverse-engineering. The best you can do is use a tool like Dotfuscator.

If your code works, the chances an honest client will try to re-write it or tamper with it are small. If the client is not honest, there's little you can do that will be effective.

Instead of worrying about this, worry about producing quality products that honest clients will pay for.

Answer 4

There are several obfuscation products out there.

Visual Studio even ships with one - DotFuscator, though there are others.

Here is some DotFuscator documentation.

However, even with obfuscation a determined hacker will be able to reverse engineer your code.

Answer 5

I agree with the above points, in the sense that you shouldn't release code to an untrusted party. Obfuscation simply makes it difficult for your code to be understood, but there are ways and means around it.

Having said that, if you really want to obfuscate your code, you could try Easfuscator.NET.

Answer 6

Some obfuscators will support performing the obfuscation as part of the build process so that the published app is already obfuscated.

Crypto Obfuscator is one such tool - it supports integration with MSBuild which enables performing the obfuscation step as part of publishing or ClickOnce.