I am about to implement a very basic licensing feature for my application. A serial number may be granted per-machine (or per-operating-system) or per-user (as for CAL in Windows Server: if my application is used by several users on one machine or if it is used by one user on several machines).

  1. For per-operating-system licensing, I use SerialNumber of Win32_OperatingSystem.

  2. For per-user licensing, I use:

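    using System;
    using System.Security.Principal;

    WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
    if (currentIdentity != null && currentIdentity.User != null)
    {
        // User is the SID of the account itself; AccountDomainSid is only the
        // domain (or machine) part and is shared by every account in it.
        SecurityIdentifier userSid = currentIdentity.User;
        Console.WriteLine(userSid);
    }
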

A hash of the obtained OS serial number or SID is then stored in the database, associated with the application serial; each time the program starts, it queries the server, sending the hash of the OS SN/SID and the application serial.

Is this the right thing to do, or is it completely wrong? Will it work on every Windows machine? (For example, using the motherboard serial is wrong.)

+1  A: 

I don't see anything wrong with your approach, since I've seen a similar approach being used at work - however we use a combination of OS S/N and hardware IDs for machine licensing. Our apps don't have a per-user licensing, so I can't really advise on that.

Do note that you should not assume that values returned by WMI are in any particular format (Win32_OperatingSystem should be OK, IDs of hardware aren't always OK).

I've encountered bugs where the code accepting hardware IDs assumed a specific format and did not factor in the presence of non-alphanumeric characters such as commas and spaces.

Mr Roys
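
The format caveat in the answer above, as an added example that is not code from the answer or from the asker's application: the identifier is hashed as an opaque string with length-prefixed fields, so commas, spaces or an unexpected length cannot break or confuse the result. The class name `LicenseFingerprint`, the `kind` tag and all sample values are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class LicenseFingerprint
{
    // Treat every identifier as an opaque string: no regex, no splitting on
    // commas or spaces, no fixed length. Only trim and normalise the encoding.
    static byte[] Canonical(string value)
    {
        if (string.IsNullOrWhiteSpace(value))
            throw new ArgumentException("identifier is missing or blank");
        return Encoding.UTF8.GetBytes(value.Trim().Normalize(NormalizationForm.FormC));
    }

    // SHA-256 over length-prefixed fields. The kind tag ("os", "hw", "user") is
    // an assumption of this example: it keeps an OS serial and a SID that happen
    // to share a value from producing the same hash.
    public static string Compute(string kind, string identifier)
    {
        using (var buffer = new MemoryStream())
        using (var writer = new BinaryWriter(buffer))
        using (var sha = SHA256.Create())
        {
            foreach (string field in new[] { kind, identifier })
            {
                byte[] bytes = Canonical(field);
                writer.Write(bytes.Length);   // 4-byte little-endian length prefix
                writer.Write(bytes);
            }
            writer.Flush();
            return BitConverter.ToString(sha.ComputeHash(buffer.ToArray())).Replace("-", "");
        }
    }

    static void Main()
    {
        // Constructed sample values, not real serials or SIDs.
        string osSerial = "00000-00000-00000-AAAAA";
        string oddHardwareId = " ACME Disk, Model 7 (rev 2) ";
        string userSid = "S-1-5-21-1111111111-2222222222-3333333333-1001";

        Console.WriteLine(Compute("os", osSerial));
        Console.WriteLine(Compute("user", userSid));
        // Commas and spaces inside the value are hashed as-is; only the
        // surrounding whitespace is ignored, so both calls give the same hash.
        Console.WriteLine(Compute("hw", oddHardwareId) == Compute("hw", oddHardwareId.Trim()));
    }
}
```
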
+1  A: 

You may also want to take a look at the scenario when a virtual environment is used. Would it still yield unique OS s/n?

I know this is not an answer.. but couldn't add a comment here..

Srikanth Venugopalan
Good question, haven't thought of that - virtualization wasn't as prevalent when the code was written. Gotta start thinking about that too.
Mr Roys
On virtual machines, the operating system serial is still unique. But if I've understood well what I've read, this serial can be changed from the host machine (so one could have, let's say, one hundred virtual machines with the same S/N). In my case, I intend just to *reduce*, and not to completely eliminate piracy, so it's ok for me, but it's good to note this point related to virtual machines' serial numbers.
MainMa