Securing .Net Winforms Application with hardlock dongle or a digital certificate

Question

I'm developing a C# Winforms application for a customer. The customer wants the program secured by a hardlock, so only people having the appropriate hardlock can access the program. I know there are a ton of ways to secure accessing to a Winforms application, but he inststs on using a hardlock.

I have never experienced implementing a secure app with hardlock and have no knowledge about it. Guess my best options are Sentinel Superpro or Alladdin (seems that latter has more resource on the net.)

1- I still am not sure if hardlock is the best choice. I saw some digital certificate usb dongles for securing an application don't know if they're any different than hardlock. If they are different, then maybe using digital certificates is a better choice?

2- Anyone has any resource on the net (A demo maybe) on how to secure a .Net winforms application with hardlock? If it's very time consuming then maybe I'd have to renegotiate the price :p

Answer 1

Look to the vendors. Most will ship you a full SDK with sample code for securing a .NET application with a dongle. It's typically fairly easy, especially if you want to use their software.

For example, I recently evaluated KEYLOK's offering - they ship a full SDK with a sample implementation that can be plugged into your app in a couple of hours.

Realize, however, that using a dongle is still only part of the process of securing an application. This is especially true with .NET applications, as they are very easy to disassemble with Reflector and similar tools. You'll need to also obfuscate at a minimum, otherwise, a dongle is very easy to circumvent.