M
Mr.Tickle
Is there a class library that allows me to implement licensing into an
appliation, and disable it after a set period etc?
appliation, and disable it after a set period etc?
S
Stephen
I am also working on a shareware-type app and will need to
implement this. However, I would much rather write all of
the elements of this process myself (from serial#
generation to registration to disabling of the app) for
fear that a generic class found in the Internet would have
flaws that could be exploited.
I am curious about one thing however. If the app is set
to disable after a time limit (30-60 days), is there a way
to detect the last time the date was changed or by how
much so date manipulation to extend the life of the free
period can be avoided?
implement this. However, I would much rather write all of
the elements of this process myself (from serial#
generation to registration to disabling of the app) for
fear that a generic class found in the Internet would have
flaws that could be exploited.
I am curious about one thing however. If the app is set
to disable after a time limit (30-60 days), is there a way
to detect the last time the date was changed or by how
much so date manipulation to extend the life of the free
period can be avoided?
M
Michael Lang
Have you tried web services? Use a web service to determine the date and
time at install, and each time it is opened. If you can't find a current
web service that gives the current date/time, you could make one.
If your product is for use in business, I wouldn't worry about them setting
the clock back. Most businesses have some time sensitive software that
would prohibit that. An example would be Lotus Notes, or a document
management system.
A great licensing model overall is a web service based one. Of coarse for
that you must create your own web service and find a place to host it.
Authorization codes are too easy to crack. A quick search on google will
usually yield results for authorization codes for whatever you are looking
for.
Disclaimer: I don't crack software nor use illegal authorization codes.
I've paid for all of my Microsoft and other software. However, I do look
them up now and then as research into this topic.
Michael Lang, MCSD
M
Mr.Tickle
How about controlling licenses that are not connected to the cloud bubble.
M
Michael Lang
Your app doesn't have to connect to the internet to check for a license
everytime it is opened. You can check as little or as often as you want.
Each time your app opens it should check for a connection to update the
license. However, don't fail to open unless some time interval has passed
since the last update. If you are worried about the clock being set back,
then instead of a time interval use the number of times the application has
been opened since the last update, or the amount of total time the
application has been open since the last update.
Even if the license has timed out, you may want to consider just limiting
features instead of fully disabling the software. For example, a word
processor should always allow the user to open, view, and print your
document type. If your application is just a viewer/printer of another
applications document type, then disable printing. etc...
How are you distributing your software? and to who? If you distribute via
the web, then they must have some kind of connection. However, if the
person has no internet connection whatsoever, then of coarse the internet
subscription licensing model does not work.
Of coarse there are so many things to consider when licensing your product,
nobody can give you a single solution that fits all situations.
Michael Lang, MCSD
M
Mr.Tickle
its not connected PERIOD.
Michael Lang said:
M
Mr.Tickle
its distributed by hand 
no internet no connection.
Are you caught up in this web service fantasy soccer too. rofl
dumb prick
no internet no connection.Are you caught up in this web service fantasy soccer too. rofl
dumb prick
M
Michael Lang
its distributed by hand
Are you caught up in this web service fantasy soccer too. rofl
dumb prick
I didn't say web services were the only way. I've already said in my last
message that there is no one best way to do anything. Are you paying
attention?
I was really answering Stephen's qustion about verifying the clock hasn't
been changed. In place of a web service you could use a windows service to
monitor if the user sets the date back. Of coarse users can always disable
a windows service, thus rendering it useless.
Your attempts at an insult are not going to get people to want to help you.
M
Michael Lang
I've written a licensing component with one class "License". It has
various properties such as ApplicationName, IssueDate, ExpireDate, etc...
I also has a method for encrypting that license data into a string, and
one for decrypting a string into a license. In both cases it uses the
System.Security.Cryptography.Rijndael class.
For each application I predetermine a private "passphrase" of 16
characters to use as the initialization vector for the encryption.
You still need someway to generate a license and distribute it. The web
is a convinient way to distribute licenses. But having a backup way to
get a license is important for non-internet users. Maybe a phone number
they can call to get a license? Both of these methods allow you to keep
track of who uses your product and how often they attempt to get a
license. However, you can let the application itself generate a license.
But then you need some way to prevent them from regenerating a new
license every time it expires. In that case save something in an obscure
place in the registry.
However, if you are going the registry route, then you may as well jsut
store the expire date itself in that same place in the registry in an
excrpted string so that the user cannot just type a new value when they
ultimately do find it.
If you encrpt the date and store it in the registry take care in how you
generate that encrpted date. Since you will be generating it per machine
as it is installed (or run the first time), you can use some other
information about the computer in the encrption process. Maybe the MAC
address? But don't use it as is. Get the hash code for it, and "salt"
it. You can look up good salting techniques on google.
Even after all this care, it still doesn;t matter if they find the
appropriate registry key. They can just uninstall you app, delete the
key, and reinstall it. This does become annoying for the user after a
while and they may just give up and buy your product?
Michael Lang, MCSD