Last post May 02, 2005 06:35 PM by PLBlum
Apr 30, 2005 10:51 PM|Salameh|LINK
Licenscing software is too darned expensive so I thought about building my own.
I thought the best way in doing it would be build a dll file with each new liscence user add in a new domain checker, so each compile would have all the valid domains contained in the dll.
The registered user would then add the license dll to the bin of the web application, so the control would know it is a valid user.
The problem i having trouble figuring out is that the control would need a reference to this dll, such as a declaration of
The output from the control would depend if there is a licensce dll in the bin directory. How do i get the control to still run if it can't find the dll in the bin directory which is a valid option.
May 01, 2005 01:45 PM|PLBlum|LINK
Since I built my own licensing a few years ago (before XHEO Licensing was out), I hope to offer you some insight.
You can open an assembly without a "using" clause. See the Assembly class for its static method LoadWithPartialName(). This method will load an assembly from the \bin or GAC folders. Then you use Reflection (a group of classes in .net to interact with an
assembly and its types). There is alot of documentation on Reflection both in the .net docs and on the web.
I do not recommend using an assembly. It's too complicated because you have to run a compiler and imbed data into your compiled code (perhaps through a resource). You can create an encrypted binary file with the data you want to provide. You tell the user
where to put it and have your main control's assembly open that file, unencrypt it and look at its data.
From the work it took to create my own licensing system, I can tell you that
XHEO Licensing is probably very cost effective at around $300. If I judge the cost of my time at $50/hr (probably a low value here in the US), any more than 6 hours of development would pay for the product. It took me over 1 week because you have to write
your system that generates these files as well as reads them. Then there is all the testing/debugging involved, which has been eliminated by a third party who has been shipping this product for over 2 years.
May 02, 2005 10:59 AM|Salameh|LINK
You have been very helpful on my project Mr Blum and I appreciate it. Your encrypted file idea is a better idea than my dll idea. Used the
System.Security.Cryptography and got that peice working.
Corious what would be the best information to obtain from the user to provide a generic licensce. Either a IP address or a domain name. Any ideas.
May 02, 2005 12:00 PM|PLBlum|LINK
Good question and I hope others will answer with their views. Here's mine:
I decided to avoid using IP address and domain names. Instead, I license per computer, by matching the computer name (found in System.Environment.MachineName).
When designing license security, there is a balance you need between ease of use and total protection. I have decided to keep things closer to the ease of use side. Therefore, I don't actually embed anything specific about their system into my license files.
That way, they can move the files to a new computer without difficulty. The idea for me is to keep customers from getting frustrated. I want happy customers because it makes my business far easier to run.
So how do I match to a computer name? My web control has a public global string property. The user must assign that property to the serial number (embedded in the license file) and the computer name. They do this in Application_Start. Later if they change
the computer name, they update the application. You can see how this favors ease of use over total protection.
My greatest protection is that my customers are happy and do purchase licenses as they add new servers.
May 02, 2005 12:24 PM|Salameh|LINK
May 02, 2005 06:35 PM|PLBlum|LINK
That's exactly the point I was telling you when I spoke about the balance between ease of use and total protection. I have elected to keep it easier for the user which means its not as secure. I believe that all forms of protection can be worked around.
If not by the person who buys it, by someone who cracks your security and publishes it on a distribution site.
Some vendors sell licenses per developer; others per production server. I choose to sell by production server and allow unlimited developers to use that production server license. So I expect them to copy the license file around so long as they don't give
it to third parties who have no business with it.