Hi,
I'm interested to find out whether there are any standards or resources that you can recommend for developing license models in C#?
Thank you
Hi,
I'm interested to find out whether there are any standards or resources that you can recommend for developing license models in C#?
Thank you
I have never come across anything like a standard in this. What I would personally do is create a record or something like that which holds all the infomartion about the license and what features are available before the product key is entered, and how long before the trial or whatever expires (this can be tricky as you don't want to compare to the system date as this can be changed by the user). You then want to encrypt this record (maybe by salting and hashing it), so that the features can only be unlocked when a specific product key is entered. You also might want to randomly generate said key, although I would do this in a specific format so that a user can always recognise a product key when they are given one, and don't confuse this with an invoice number or whatever.
Rememeber that no system is fool-proof, and someone on some OS will find a way through somehow. This is probably the reason that I ahve never come across any standards, because no method is fully secure. You just have to do your best with it.
In C# you can use the Licensing class supplied by Microsoft. A sample is available through the link.
Basically you create a class that inherits from LicenseProvider and type the
[LicenseProvider(typeof(MyControlLicenseProvider))]
as an attribute to your class that you would like to have licensed. In your implementation (MyControlLicenseProvider
) you can code the appropriate methods for validating the license to your needs and then have your code call
License license = LicenseManager.Validate(typeof(MyControl), this);
If license is not null your application/control is licensed.
As Sir Graystar states, no system is fool-proof, and someone with the needed skills could engineer themselves around your validation. Don't spend too many hours implementing a rock hard system, but don't make it to easy to circumvent either. :-)
Using a hash like SHA or one of the MD hash functions and feed them some key data could be used to create a simple validation check. Your validation method could do something in the likes of
public override License GetLicense(LicenseContext context,
Type type,
object instance,
bool allowExceptions)
if (context.UsageMode == LicenseUsageMode.Designtime) {
// Creating a special DesigntimeLicense will able you to design your
// control without breaking Visual Studio in the process
return new DesigntimeLicense();
}
byte[] existingSerialKey = getExistingSerial();
// Algorithm can be SHA1CryptoServiceProvider for instance
byte[] data = HashAlgorithm.Create().ComputeHash(
username,
dateRequested,
validUntilDate,
// any other data you would like to validate
);
// todo: also check if licensing period is over here. ;-)
for (int l = 0; l < existingSerialKey.Length; ++l) {
if (existingSerialKey[i] != data[i]) {
if (allowExceptions){
throw new LicenseException(type, instance, "License is invalid");
}
return null;
}
}
// RuntimeLicense can be anything inheriting from License
return new RuntimeLicense();
}
This method returns a custom License, one that for instance has properties regarding the licensing, like a DateTime for the time when licensing runs out. Setting this up should not take to long, it works well with both WinForms and on ASP.NET sites, and will thwart (with no guarantee implied) a simple attempt to break your licensing.
You're better off buying an existing proven solution than rolling your own. Developing a software licensing system is a tricky process, and to be avoided if it's not your core business.
I suggest you take a look at the article Developing for Software Protection and Licensing, and then evaluate OffByZero Cobalt (obligatory disclaimer: both are produced by the company I co-founded).
From the aforementioned article:
We believe that most companies would be better served by buying a high-quality third-party licensing system. This approach will free your developers to work on core functionality, and will alleviate maintenance and support costs. It also allows you to take advantage of the domain expertise offered by licensing specialists, and avoid releasing software that is easy to crack.