Best licensing software for .NET Professionals
Licensing decisions for .NET software developers can be hard, but they don’t have to be. Steve Naidamast has the rundown on what you need to consider and the difference between encrypted and authenticated .NET licensing.
If you are a software developer creating products for sale, one of the things you have to consider is how you intend to license your software.
Given that there are many licensing options available, this can be a rather difficult decision to make. First and foremost in considering a licensing tool for your product is an understanding that no such tool exists that will make your product completely safe from those who will want to use your software illegally. There is always someone out there that if your product is good enough will want to bypass any licensing so that they can use it freely.
The idea of licensing is to ensure that you provide yourself with some measure of protection so that “software pirates” aren’t able to easily use your product without proper registration and purchase beyond a trial period. Licensing your product will then keep out most such people with the exception of the most determined “license crackers”.
The next consideration is the type of license you would like to implement. In this case there are two types of models; the “encryption” license, which once purchased, allows a customer to install your product on as many machines as is needed or the “authenticated” license that allows for a limited number of installations and de-installations.
The first licensing type in .NET software development arose with the .NET incorporated licensing model in the framework. However, this has always been more or less a hook for more sophisticated licensing schemes in the same vein by third parties. Using the .NET licensing model as is implemented in the framework is a fairly weak form of implementing this form of protection.
The encrypted license primarily allows for a single purchase of your software and then even with the more sophisticated schemes available can be open to abuse as a single product is passed around with the license to multiple parties who have not purchased your software. Using legal avenues for copyright infringement protection for such a method of product licensing is all but useless for the individual, commercial developer considering the costs that only large, established firms can afford.
Nonetheless, if the plan is to license software based on feature sets by offering differing priced licensing for each set of features than a general license may be a consideration. Companies do use such a licensing scheme successfully, though maintaining the vulnerability that the potential abuse that can accompany it.
However, for the individual software developer it may be a more cost effective approach to use an authenticated licensing model, which in of itself is a bit more complex to implement but offers a superior form of protection for your product.
Given that individual developers are on limited budgets, the pricier licensing tools may be unaffordable forcing the developer to feel as if he or she has to compromise to protect their intellectual property. This does not have to be.
There is one licensing tool that can easily fit into the budget of any developer; Infralution’s Licensing System, which can be found here.
Highly affordable at $170.00 for a single developer license, this excellent piece of software has been available for over 10 years and offers both encrypted licensing as well as authenticated licensing, both of which come in the same package. In addition, source code is available for the entire suite of tools for additional fees.
One would be correct to wonder that if the source code is available for all of the tools in this package would use of this software make your licensing scheme vulnerable to attack. The answer is not in the least because, as with most encryption processes, it is not the algorithm that is important (though, for good security you do want a strong algorithm) but the keys that are used to generate the licenses for your product(s). In addition, if using the authentication option, none of the algorithmic code for license generation is within the corresponding web-service. As a result, even if someone were to break into your web-site there would be nothing for them to find. All such code is kept at the developer’s workstation level where the license generation actually occurs.
The Infralution Licensing System can be used for the following .NET project types:
- Windows Forms (Desktop Applications)
- Windows Presentation Foundation (Desktop Applications)
- Class Libraries
- Compact Framework
Using the software
The following information is a very general overview on how you could implement the Infralution Licensing System. It is not meant to be the only information you may require as any type of licensing system has its own complexities but this overview does provide an indication at the relative ease with which you can incorporate this software with your product.
To implement either of the licensing schemes with your product the following tools and processes will be required:
For Encrypted Licensing
- License Tracker Tool (license generator & distributor)
- License Assembly (as it corresponds to the product type)
- Developer Defined License Code in Product
For Authenticated Licensing
- License Tracker Tool (license generator & distributor)
- License Assembly (as it corresponds to the product type)
- Developer Defined License Code in Product
- Authentication Web Service
The License Tracker tool is the primary software you will use to enter your product license parameter sets and generate your actual product licenses and your licensing validation strings (each set of licenses and their corresponding validation string are defined and generated by each product you set up in License Tracker) whether they are encrypted or authenticated license types. It is an extensive tool and to use it to its fullest capability it is necessary to review the HELP file that comes with the package, which is fairly extensive (a 30-day trial is available for download so you can obtain the HELP file for your review).
In general, when a purchase comes into a web-site for software, many companies will generate a license for the customer and then email it to them. License Tracker can integrate with Microsoft Outlook to assist with such license mail-outs to customers. It can also interface with distributors who you may have allowed to distribute your software such as ShareIt and PayPal. Thus, you can import their data for your product sales\trial downloads into License Tracker in order to provide license mail-outs and licensing adjustments (ie: extending a trail license) where applicable.
An alternative method to emailing purchased licenses to customers, which requires some form of manual intervention from you as the product developer, is to let your web-site do it for you. However, this takes a bit of setting up. In this situation you would have to pre-generate a number of licenses for your product and then load them into a database table so that when a purchase is made you can provide the license to a customer as soon as they return to your site after a purchase if using a third-party payment processor that allows such redirection. PayPal is most notable for this with it’s Web Payment Standard process and is one of the reasons it is still so popular with many small businesses.
If however, you implement a payment process API such as PayPal’s Web-Pro functionality or Authority.NET; then your customer never leaves your site to make a payment and you have much greater process control without having to concern yourself with a site redirect. This makes automatic license generation and provision a much simpler function and more convenient for your customers.
The use of this alternative licensing provision method allows your web-site to handle everything in this instance for you.
However, beware of the critical weakness in this methodology. Uploading a group of pre-generated licenses to a database table on your web-site can be vulnerable to security breaches that could acquire all of your stored licenses. This can be rectified by encrypting all of your licenses prior to storage and decrypting them when providing one to a customer. It would then be advisable that the security component that is used to do this be well obfuscated.
Applying the proper assembly to your product’s code is the start to implementing the licensing software with your product. This is very easily done by making a selection of one of the following assemblies, which you reference in your product’s project.
- Infralution.Licensing.ASP.dll (ASP.NET)
- Infralution.Licensing.Forms.dll (Windows Forms Desktop & Class Libraries)
- Infralution.Licensing.WPF.dll (Windows Presentation Foundation)
- Infralution.Licensing.CF.dll (Compact Framework)
Once accomplished you are then ready to begin implementing your licensing “validation” code in the appropriate module in your product’s source-code (ie: for WPF products it would be entered into the “Application.xaml.vb/cs” module.
To implement this code you have to insert the following code sets:
- License Validation String
- License Validation Code
Depending on which license type you select (encrypted or authenticated) will determine the differences in the code you will have to implement. However both code sets are relatively similar. The samples below show the code that would be used for an encrypted license type.
Sample license validation string (generated from License tracker tool)
' ' COPYRIGHT: Copyright 2012 Infralution ' Imports Infralution.Licensing.Forms Imports System.Environment ''' <summary> ''' Defines the license provider to use for the custom control ''' </summary> Public Class MyControlLicenseProvider Inherits EncryptedLicenseProvider ''' <summary> ''' License Validation Parameters String copied from License Tracker ''' </summary> Private Const LICENSE_PARAMETERS As String = _ "<EncryptedLicenseParameters>" + _ " <ProductName>My Product</ProductName>" + _ " <RSAKeyValue>" + _ " <Modulus>zX4VW8ukM8aBMgIeYOhBsH6s+UlbYM3jv3kGy59NA5vBDxaCRclowIXk" + _ " HC+Ue+ua0am7brgWss/N7PetcaleXWUJacRaisC5yjl3WK2UWoPQ37HjKijXM++eCO" + _ " q+mEProZYO7Ux2Q8aA13glAXn5Ry9OePA3YmD4f+658k0x1AE=</Modulus>" + _ " <Exponent>AQAB</Exponent>" + _ " </RSAKeyValue>" + _ " <DesignSignature>VyWFO92791568I4C/iw5bNi8y4yhv0GE4/m+5MWMsAlOdIe7GWr3v" + _ " 57rxtMo9iPyfMyHJhLLJHBkuANsI0gWUiaAfyMhpHdM893mkc4PEz8KS+ZSvUCVklNWiP" + _ " WPQUT0cDd6FSxCVjujBoZmIGYe4KglA8vjd2YxtHm7ZgTPYG4=</DesignSignature>" + _ " <RuntimeSignature>YCO+TnF/qnmLuY+NiINXPal3uSZiBuCvlI6RUDtsoVxSV5eld0P4av" + _ " a+m9+viKYMBLd/tOIiNH+Jh1ZQIMeWtDNndxyoRr2S1eRp0fb5XYHk8bvUUJB81a9eSrJ36" + _ " 6YgZwzXuL2oNw4hilZBQCgUgDWEwD4c2meD0dkE5MkTOdI=</RuntimeSignature>" + _ " <KeyStrength>7</KeyStrength>" + _ "</EncryptedLicenseParameters>" ''' <summary> ''' The name of the file to store the license key in - the sub directory is created ''' automatically by ILS ''' </summary> Private Shared _licenseFile As String = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\MyLicensedControl\MyLicensedControl.lic" Public Sub New() MyBase.New(LICENSE_PARAMETERS, _licenseFile) End Sub End Class
Note, code is from the HELP file.
Sample license validation code
Imports Infralution.Licensing.Forms Imports System.ComponentModel <LicenseProvider(GetType(MyControlLicenseProvider))> _ Public Class MyControl ''' <summary> ''' The name to display in the license install form ''' </summary> Private Const PRODUCT_NAME As String = "My Control" ''' <summary> ''' The license context last time we checked the license ''' </summary> ''' <remarks> ''' This is used to reduce the number of times the license check needs to be done. ''' If your control is likely to be used in multiple places (eg like a text box) ''' then checking the license each time a control is created can be very annoying ''' when in evaluation mode. ''' </remarks> Shared _lastDesignContext As LicenseContext Shared _licenseChecked As Boolean = False Public Sub New() MyBase.New() InitializeComponent() ' Is the control being displayed in the designer? ' If LicenseManager.CurrentContext.UsageMode = LicenseUsageMode.Designtime Then ' at design time we must check the license every time or else our license may not ' get compiled into the application resources ' If Not LicenseManager.IsLicensed(GetType(MyControl)) Then ' only show the install dialog if we haven't already done so for this form ' If Not LicenseManager.CurrentContext Is _lastDesignContext Then ' Display the evaluation dialog until the user installs a license or ' selects Exit or Continue ' Dim license As EncryptedLicense = Nothing While license Is Nothing Dim evaluationMonitor As New RegistryEvaluationMonitor("MyControlEvaluationPassword") Dim dialog As New EvaluationDialog(evaluationMonitor, PRODUCT_NAME) Dim dialogResult As EvaluationDialogResult = dialog.ShowDialog() If dialogResult = EvaluationDialogResult.Exit Then Throw New LicenseException(GetType(MyControl), Me, "Control not Licensed") End If If dialogResult = EvaluationDialogResult.Continue Then Exit While If dialogResult = EvaluationDialogResult.InstallLicense Then Dim licenseForm As New EncryptedLicenseInstallForm() license = licenseForm.ShowDialog(New MyControlLicenseProvider(), license, PRODUCT_NAME) End If End While _lastDesignContext = LicenseManager.CurrentContext End If End If Else ' at runtime only check the license if we haven't already done so ' If Not _licenseChecked Then ' show a nag screen if the control is not licensed ' If Not LicenseManager.IsLicensed(GetType(MyControl)) Then MessageBox.Show("This application was created using an unlicensed version of MyControl", "Unlicensed Application") End If End If End If _licenseChecked = True End Sub End Class
Note, code is from the HELP file.
As can be seen from the code above, all of the license query/entry forms and licensing validation are handled with a relatively small set of code. This is true for both the encrypted and authenticated license types.
However, if you elect to use the authenticated license type than you have a little more work to do other than entering the code noted above into your product. You have to also configure the authentication server for your web-site. This is a little more complex than just using an encrypted licensing scheme. However, the support from Infralution in general is very good and they are more than happy to answer any and all your questions in a reasonable time period. If however, you feel that it would be more beneficial to obtain outside assistance for this setup process, Infralution, for a reasonable fee, will also set up this service for you on your web-site.
Despite the added complexity with this service, the benefits of using a license authentication system does substantially increase the protection of your product. And for most professional developers setting the service up should not be all that daunting.
To begin, the Infralution License System package includes the complete project/solution for the Authentication Web Service. You simply have to add it to your web-site project as a “sub site”, which can then be accessed via web-service protocols.
Once you have done this you can then test the authentication web-service to ensure that it is running by entering the following type of URL: http://www.mycompany.com/authenticate/AuthenticationService.asmx
If you have installed the web-service properly, than you should see a screen similar to the one below:
Within the web-service project you will find a web-page entitled, “Install.aspx”. Once you have demonstrated that your web-service is running satisfactorily you can run this installation page, which will then initiate the database required to support licensing validations from within your software product’s code base, which was previously shown with the sample source-code.
Note that if you are using this type of licensing, your software product’s license validation string will include the URL for the web-service and where the license is to be validated. If you are like many professional developers, you will want to have a TEST system set up with this service in order to ensure that it is running properly for your requirements before you move it to production. To do this will require the generation of license validation strings for where your TEST server will be the same as you would have to generate a license validation string for where your PRODUCTION server will be. This means that you will have to maintain two types of generations for your product or define your product in the License Tracking tool twice; once for TEST and the other for PRODUCTION.
In either case you will have to take care as to what validation string you are using in your product to ensure that it always points to the correct server in either environment.
In all cases, when you have completed the generation of a license validation string for a product and you are satisfied with its parameters that data then must exported to the corresponding web-service’s database via the License Tracker tool. Whenever you make a new license generation or modify an existing one the License Tracking tool will inform you that you must update the validation database so that licenses generated for a given product with its parameter set can be properly validated by a customer attempting to register your product.
Note that whether you pre-generate your licenses as described earlier or handle them using the mail-out scheme, you will not be able to modify your license parameters set up and put into production for your product(s). If you do, than any previously sold licenses will no longer work against the web-service’s validation process if they have not yet been validated by the customers. In addition, any that have been sold and validated prior to any license parameter modifications you make will no longer be in sync with your database and customer uninstalls and new re-installs will no longer work as well.
A note on the databases required for this software
There are two distinct databases that the Infralution License System will use. The first is the one that is used by the License Tracker tool to store all of its information regarding your products, the license types selected for those products, the license generation\validation parameters, and the generated licenses themselves. This database can either be the default Access database that is supplied in the downloaded package or you may configure one against SQL Server.
The second database is for the Authentication Web Service and is required if you select this license type for any of your products. However, in this case you may use the existing database that supports the License Tracker tool for this requirement. However, if this option is used than the License Tracker tool’s database will also have to reside where the web-service can have access to it. In addition, this means that all of the licensing data will be in a single location and the data is not encrypted.
As a result of the lack of data encryption, it should be considered that a separate authentication web-service database be configured. In this case, only the license validation and tracking information is stored, which will provide an additional level of protection for this process.
This article first appeared on Tech Notes, Black Falcon Software’s technical articles for .NET Development.