Always a bit difficult.
My favorite way goes like this:
Your class library requires a singleton object to be created before any
members of the library can be used. The singleton must be preloaded with
two values: The name of the registered user, and a registration key. The
calling code must have these values, and must provide them in order to
proceed. You can even give the caller a helper method that will load these
values from the hard drive, if you want. (For fun, encrypt the registration
file with a symmetric key and just stick the symmetric key in your code...
it doesn't matter, your security doesn't come from this anyway, but it will
deter tampering with the registration file and will make it just a little
bit harder for the hacker to break in).
The registration code has to be generated by your company. You can generate
it and send it to the recipient, separately from the dll itself. The
registration key is actually just the encrypted name of the registered user,
as encrypted with the private key of your organization. Your library will
use the public key of your organization (included in the code as a resource)
to decrypt the registration key and compare it to the registered user's
name. If it is a match, then the encrypted value can only have come from
you.
To increase security, when you create the registration key, add a new GUID
to the user's name as a salt string. When decrypting, ignore the GUID
characters. That way, even though the end user has part of the clear text
and the entire cyphertext, it should be very difficult to reverse engineer
the private key, because they don't have all of the clear text (they don't
have the GUID).
That should mostly prevent brute force attacks. This won't prevent someone
from sharing the reg file along with the dll. However, the reg file will
have in it the name of the original licensee. Therefore, it will be fairly
easy to track down someone that started to share your app illegally. Make
sure that your users know this, as this is a good deterrent.
Good luck,
--- Nick
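
The scheme in the post above, sketched in C# as an added example (not the poster's code): "encrypting with the private key" is done here as an RSA-PSS signature over the user name, which the library checks with the embedded public key before handing out its singleton. The class names, the `id.signature` key layout, and the use of the GUID as a visible license id (PSS padding supplies its own random salt) are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Vendor side: runs only where the private key lives; never shipped in the DLL.
static class LicenseIssuer
{
    public static string Issue(RSA privateKey, string userName, Guid licenseId)
    {
        byte[] payload = Encoding.UTF8.GetBytes(licenseId.ToString("N") + "|" + userName);
        byte[] sig = privateKey.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        return licenseId.ToString("N") + "." + Convert.ToBase64String(sig);
    }
}

// Library side: holds only the public key; nothing else works until Initialize succeeds.
sealed class LicenseGate
{
    public static LicenseGate Instance { get; private set; }
    public string RegisteredUser { get; }
    private LicenseGate(string user) { RegisteredUser = user; }
    public static LicenseGate Initialize(RSA publicKey, string userName, string registrationKey)
    {
        string[] parts = (registrationKey ?? "").Split('.');
        if (parts.Length != 2 || !Guid.TryParseExact(parts[0], "N", out Guid id))
            throw new UnauthorizedAccessException("Malformed registration key.");
        byte[] sig;
        try { sig = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { throw new UnauthorizedAccessException("Malformed registration key."); }
        // Rebuild exactly what the vendor signed; any change to name or id fails verification.
        byte[] payload = Encoding.UTF8.GetBytes(id.ToString("N") + "|" + userName);
        if (!publicKey.VerifyData(payload, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            throw new UnauthorizedAccessException("Registration key does not match user name.");
        return Instance = new LicenseGate(userName);
    }
}

static class Demo
{
    static void Main()
    {
        using RSA vendorKey = RSA.Create(2048);            // constructed key pair for the demo
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(vendorKey.ExportParameters(false)); // public half only
        string key = LicenseIssuer.Issue(vendorKey, "Alice Example", Guid.NewGuid());
        Console.WriteLine(LicenseGate.Initialize(publicOnly, "Alice Example", key).RegisteredUser);
        try { LicenseGate.Initialize(publicOnly, "Mallory", key); }   // same key, different name
        catch (UnauthorizedAccessException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

As the post notes, this ties the key to a name rather than to a machine, so a shared registration file still verifies but carries the licensee's name with it.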
You go and create your own hash of the library from the code to match it.