Hi,
I'm interested to find out whether there are any standards or resources that you can recommend for developing license models in C#?
Thank you
+1
A:
I have never come across anything like a standard in this. What I would personally do is create a record or something like that which holds all the infomartion about the license and what features are available before the product key is entered, and how long before the trial or whatever expires (this can be tricky as you don't want to compare to the system date as this can be changed by the user). You then want to encrypt this record (maybe by salting and hashing it), so that the features can only be unlocked when a specific product key is entered. You also might want to randomly generate said key, although I would do this in a specific format so that a user can always recognise a product key when they are given one, and don't confuse this with an invoice number or whatever.
Rememeber that no system is fool-proof, and someone on some OS will find a way through somehow. This is probably the reason that I ahve never come across any standards, because no method is fully secure. You just have to do your best with it.
Sir Graystar
2010-05-25 08:30:43
Hey, thank you for the reply. Do you know whether it's better to work with the keys or the custom made license files?
vikp
2010-05-25 09:12:47
I have always worked with keys, but its probably worth looking into custom made files aswell. Not in my area of knowledge I'm afraid.
Sir Graystar
2010-05-25 09:25:14
+4
A:
In C# you can use the Licensing class supplied by Microsoft. A sample is available through the link.
Basically you create a class that inherits from LicenseProvider and type the
[LicenseProvider(typeof(MyControlLicenseProvider))]
as an attribute to your class that you would like to have licensed. In your implementation (MyControlLicenseProvider) you can code the appropriate methods for validating the license to your needs and then have your code call
License license = LicenseManager.Validate(typeof(MyControl), this);
If license is not null your application/control is licensed.
As Sir Graystar states, no system is fool-proof, and someone with the needed skills could engineer themselves around your validation. Don't spend too many hours implementing a rock hard system, but don't make it to easy to circumvent either. :-)
Using a hash like SHA or one of the MD hash functions and feed them some key data could be used to create a simple validation check. Your validation method could do something in the likes of
public override License GetLicense(LicenseContext context,
Type type,
object instance,
bool allowExceptions)
if (context.UsageMode == LicenseUsageMode.Designtime) {
// Creating a special DesigntimeLicense will able you to design your
// control without breaking Visual Studio in the process
return new DesigntimeLicense();
}
byte[] existingSerialKey = getExistingSerial();
// Algorithm can be SHA1CryptoServiceProvider for instance
byte[] data = HashAlgorithm.Create().ComputeHash(
username,
dateRequested,
validUntilDate,
// any other data you would like to validate
);
// todo: also check if licensing period is over here. ;-)
for (int l = 0; l < existingSerialKey.Length; ++l) {
if (existingSerialKey[i] != data[i]) {
if (allowExceptions){
throw new LicenseException(type, instance, "License is invalid");
}
return null;
}
}
// RuntimeLicense can be anything inheriting from License
return new RuntimeLicense();
}
This method returns a custom License, one that for instance has properties regarding the licensing, like a DateTime for the time when licensing runs out. Setting this up should not take to long, it works well with both WinForms and on ASP.NET sites, and will thwart (with no guarantee implied) a simple attempt to break your licensing.
Patrick
2010-05-25 10:47:28
Thank you for the code and advise, I really appreciate it. I will start writing a prototype.
vikp
2010-05-25 13:00:28
A:
You're better off buying an existing proven solution than rolling your own. Developing a software licensing system is a tricky process, and to be avoided if it's not your core business.
I suggest you take a look at the article Developing for Software Protection and Licensing, and then evaluate OffByZero Cobalt (obligatory disclaimer: both are produced by the company I co-founded).
From the aforementioned article:
We believe that most companies would be better served by buying a high-quality third-party licensing system. This approach will free your developers to work on core functionality, and will alleviate maintenance and support costs. It also allows you to take advantage of the domain expertise offered by licensing specialists, and avoid releasing software that is easy to crack.
Duncan Bayne
2010-06-05 05:36:21
Stop spamming your products to SO. Whether or not you add a disclaimer, you're still using SO to promote your product. Not good.
Mystere Man
2010-06-05 06:05:19
By the way, the one thing you neglected to mention was that using a commercial licensing product also means that if it's broken, then every product that uses it is broken, and the more products that use a commercial product, the more incentive there is for hackers to attack it.
Mystere Man
2010-06-05 06:06:39
Duncan Bayne
2010-06-06 01:21:34