Saturday, January 17, 2009
Securing the code with 'License'
Recently, I've decided to lock down some of the code at work. We've had a problem with some of our code walking out the door without our permission.
I'm not pointing fingers, but hey... we've gotta stop it from happening. Right? In the end, we need to make sure that our software checks a license file to make sure it has the rights to run.
Enter System.ComponentModel.License. This is a .NET structure for building your own licensing model. Within this setup, you can "validate" your license however you want to. My license "calls home" to make sure that it has permission to run. Or, you can check a license file on the PC. Or make the user enter a password. You can even have the thing look for a registry entry. Hey. It's up to you.
Let me show you a quick example of a license library that I've created that will require a flat file on the PC with the words "All Good". If this file exists, the license is good to go.
I know this particular example is not secure, but I wanted to keep it simple for the sake of example. In order to pull this off, we need to first create two classes that we'll use later.
With these two classes, we can now lock down our code with our simple license file. Note: The License model from Microsoft requires that it be applied to a class, not a program or static object.
Now, we've got the base code. But what does it do? When you create an instance of "MyClass" to be used in your code, it -- of course -- runs the constructor. The first line of the constructor is :
Thanks to the pre-processor line of LicenseProvider, it knows which class to call: MyLicenseProvider. Since MyLicenseProvider is a type of LicenseProvider, the License engine in .NET knows that GetLicense exists, so it gets called, which calls an instance of "MyLicense".
NOW we get to the good stuff. Inside this license library, you can do ANYTHING. However you want to validate your license is up to you. I'm going to simply open a file, if it even exists, and see if it has the right string in it. If so, we're golden.
However, if the license process should fail or return null for any reason, the LicenseManager from the constructor in our class will throw a LicenseException and the whole thing will come to a screeching halt.
Nice, isn't it?
And now, you know the basics for locking down your code. How you choose to handle these basics for doing more in securing your code is up to you.
P.S. And for you developers... keep in mind that you can require a development license SEPARATE from your run-time license, giving you the ability to make money from your work without the fear of it growing legs and breeding like roaches in the cesspool of internet piracy.
I'm not pointing fingers, but hey... we've gotta stop it from happening. Right? In the end, we need to make sure that our software checks a license file to make sure it has the rights to run.
Enter System.ComponentModel.License. This is a .NET structure for building your own licensing model. Within this setup, you can "validate" your license however you want to. My license "calls home" to make sure that it has permission to run. Or, you can check a license file on the PC. Or make the user enter a password. You can even have the thing look for a registry entry. Hey. It's up to you.
Let me show you a quick example of a license library that I've created that will require a flat file on the PC with the words "All Good". If this file exists, the license is good to go.
I know this particular example is not secure, but I wanted to keep it simple for the sake of example. In order to pull this off, we need to first create two classes that we'll use later.
MyLicense
public class MyLicense : License
{
private Type type;
public MyLicense(Type type)
{
// use this to get the GUID... which we will use as the LicenseKey.
this.type = type;
string txt = File.ReadAllText("c:\\myLicense.lic");
if (txt != "All Good")
{
throw new LicenseException("Unable to validate license");
}
}
public override string LicenseKey
{
get
{
// Simply return the application's GUID
return type.GUID.ToString();
}
}
// Required.
public override void Dispose() { }
}
MyLicenseProvider
public class MyLicenseProvider : LicenseProvider
{
public override License GetLicense(LicenseContext context, Type type,
object instance, bool allowExceptions)
{
// I want to catch any file errors and throw a license error instead.
try
{
// Use this flag to license the runtime of your code from the
// development of your code.
if (context.UsageMode == LicenseUsageMode.Runtime)
{
MyLicense L = new MyLicense(type);
return (License)L;
}
}
catch (Exception ex)
{
throw new LicenseException(type, instance, ex.Message);
}
return null;
}
}
With these two classes, we can now lock down our code with our simple license file. Note: The License model from Microsoft requires that it be applied to a class, not a program or static object.
Our Program
[LicenseProvider(typeof(MyLicenseProvider))]
public class MyClass
{
License Lic;
void MyClass()
{
// The very first thing we're going to do is see if we
// have permission to be here.
Lic = LicenseManager.Validate(typeof(MyClass), this);
}
}
Now, we've got the base code. But what does it do? When you create an instance of "MyClass" to be used in your code, it -- of course -- runs the constructor. The first line of the constructor is :
Lic = LicenseManager.Validate(typeof(MyClass), this);
Thanks to the pre-processor line of LicenseProvider, it knows which class to call: MyLicenseProvider. Since MyLicenseProvider is a type of LicenseProvider, the License engine in .NET knows that GetLicense exists, so it gets called, which calls an instance of "MyLicense".
NOW we get to the good stuff. Inside this license library, you can do ANYTHING. However you want to validate your license is up to you. I'm going to simply open a file, if it even exists, and see if it has the right string in it. If so, we're golden.
However, if the license process should fail or return null for any reason, the LicenseManager from the constructor in our class will throw a LicenseException and the whole thing will come to a screeching halt.
Nice, isn't it?
And now, you know the basics for locking down your code. How you choose to handle these basics for doing more in securing your code is up to you.
P.S. And for you developers... keep in mind that you can require a development license SEPARATE from your run-time license, giving you the ability to make money from your work without the fear of it growing legs and breeding like roaches in the cesspool of internet piracy.
Labels: C-Sharp
Subscribe to Posts [Atom]
Post a Comment