views:

56

answers:

3

I'm using C# and .NET 2.0. My app needs some way to check the different users so I'll use hardware id, but I saw that I can use only:

  • mac address - easily changeable and not everybody have it // NO
  • processor id - using WMI it returns a value for the cpu model, it's not unique // NO
  • motherboard serial - not every motherboard have it // NO
  • the Windows's volume serial - I'm not sure if it will be changed on Windows reinstall and format of the volume

So is there something I didn't mention for hwid? I want something that everybody have and it won't be erased on windows reinstall. Else I'd have to use the windows's volume serial number.


EDIT: From the commments I think it's best to use HDD id. How to get it? EDIT2: I just read that the SCSI drives don't have serial. Is that true?

A: 

HDD Serial number: unique, unchangeable, and everyone has it.

not a perfect option but...

Andrey
You mean the HDD serial, not the logical drive (volume) serial? If so, how to get it?
blez
Well if one changes the harddisk, you loose that one...
Yves M.
But how to get it?
blez
A: 

Well i'd go for more than one id. If you combine enough IDs they will get you enough uniqueness.

EDIT: you might also go for the place on the harddisk your program was installed too (Platter, Cylinder etc.)

Yves M.
And then if the user changes only one of the components, I'll have to renew his license.
blez
Well not really. If you have enough ids you can still identify the user.
Yves M.
Yes, but the idea is to make the user information copy protected. To prevent leaking of the user/serial
blez
+1  A: 

Why do you want to use hardware Id? I'd go with some kind of forms-based (or AD based) security, myself.

Given that, however: The thing about HWID is that it identifies that particular computer configuration: it is designed to change if there are system changes. You mention that Windows Volume Serial could change on reinstall and reformat, but won't your software also have to be reinstalled at that point? HDD Serial could also change if, say, the user swaps HDDs for some reason.

If you have to use HWID, you'll probably need to select one (or more) of the available options to provide uniqueness and either code around, or inform users about, hardware changes requiring a re-install and/or reconfigure of your software.

AllenG
What are the "forms-based (or AD based)" security?
blez
"forms based" refers to the idea (usually used on web apps, but you can implement it on Windows applications as well) that you have to log on (via a form) to use an application. AD refers to active directory; that is, hooking into a company's Active Directory server to retrieve user permissions. AD requires that Active Directory (or something similar) be installed, forms security requires some kind of Data store (even if its local to the machine in use).
AllenG
I prefer hardware id.
blez