Developing licenses in C# - where do I start? [closed]

Question

I'm interested to find out whether there are any standards or resources that you can recommend for developing license models in C#?

Answer 1

In C# you can use the Licensing class supplied by Microsoft. A sample is available through the link.

Basically you create a class that inherits from LicenseProvider and type the

[LicenseProvider(typeof(MyControlLicenseProvider))]

as an attribute to your class that you would like to have licensed. In your implementation (MyControlLicenseProvider) you can code the appropriate methods for validating the license to your needs and then have your code call

License license = LicenseManager.Validate(typeof(MyControl), this);

If license is not null your application/control is licensed.

As Sir Graystar states, no system is fool-proof, and someone with the needed skills could engineer themselves around your validation. Don't spend too many hours implementing a rock hard system, but don't make it to easy to circumvent either. :-)

Using a hash like SHA or one of the MD hash functions and feed them some key data could be used to create a simple validation check. Your validation method could do something in the likes of

public override License GetLicense(LicenseContext context,
                                   Type type,
                                   object instance,
                                   bool allowExceptions)
    if (context.UsageMode == LicenseUsageMode.Designtime) {
        // Creating a special DesigntimeLicense will able you to design your
        // control without breaking Visual Studio in the process
        return new DesigntimeLicense();
    }
    byte[] existingSerialKey = getExistingSerial();
    // Algorithm can be SHA1CryptoServiceProvider for instance
    byte[] data = HashAlgorithm.Create().ComputeHash(
        username,
        dateRequested,
        validUntilDate,
        // any other data you would like to validate
    );
    // todo: also check if licensing period is over here. ;-)
    for (int l = 0; l < existingSerialKey.Length; ++l) {
        if (existingSerialKey[i] != data[i]) {
            if (allowExceptions){
                throw new LicenseException(type, instance, "License is invalid");
            }
            return null;
        }
    }
    // RuntimeLicense can be anything inheriting from License
    return new RuntimeLicense();
}

This method returns a custom License, one that for instance has properties regarding the licensing, like a DateTime for the time when licensing runs out. Setting this up should not take to long, it works well with both WinForms and on ASP.NET sites, and will thwart (with no guarantee implied) a simple attempt to break your licensing.

Answer 2

I have never come across anything like a standard in this. What I would personally do is create a record or something like that which holds all the infomartion about the license and what features are available before the product key is entered, and how long before the trial or whatever expires (this can be tricky as you don't want to compare to the system date as this can be changed by the user). You then want to encrypt this record (maybe by salting and hashing it), so that the features can only be unlocked when a specific product key is entered. You also might want to randomly generate said key, although I would do this in a specific format so that a user can always recognise a product key when they are given one, and don't confuse this with an invoice number or whatever.

Rememeber that no system is fool-proof, and someone on some OS will find a way through somehow. This is probably the reason that I ahve never come across any standards, because no method is fully secure. You just have to do your best with it.