Application License Validation

R

RobEmDee

Centurion
Joined
Mar 25, 2003
Messages
130
Location
Richmond, VA
I am beginning a round of research on a licensing scheme for a windows forms application which will begin development later this year. One ideal scenario we are shooting for is to have the application periodically go out over the pipe and talk to a Web Service on our server to validate that the application license is valid. Does anybody have any feedback from experience of implementing this type of requirement, able to point me to any helpful resources to take a look at, or point me to any third-party components that do a lot of the heavy lifting?

Thanks ahead of time! :)
 
Playing the devils advocate on this one, its generally *bad practice* to make assumptions during coding - and the assumption that a machine has the ability to contact the internet is still (even in this day and age) "A Bad One (tm)"

If you *can* make this assumption (eg: its an in-house product) you still need to decide upon the behaviour of your application if it cannot connect to the internet (e.g. a workman just sawed through your fiber!).

If it is a commercial package, I'd consider offering something along the lines of the Windows Product Activation - a challenge/response system whereby an installation generates a code based upon "identifying parameters for the computer (as a hash)" that needs to be passed to yourselves (automatically, or by telephone) which generates a response to be entered (automatically, or by telephone). Once this 'code' has been verified, you can store this fact somewhere, along with the unique-to-that-computer hash in a licence file.

The beauty of this method is that the license file can only be used on the one machine (because of the hash), and the return code can be configured to carry a 'payload' (eg an expiry date for the software, or 'activation' flags for certain modules)

You can also periodically 'dial back' to your authentication server (auto/manual) to allow continued use of the package.

Of course, any software-based system *can* be defeated, but the idea is to make it difficult for the 'average' Joe to circumvent.

B.
 
Thanks for your feedback penfold and you have made some very good points. We will be developing a Smart Client application and the business process it will be implemented into is heavily dependent on internet connectivity and communication.
A mathematical modeling tool which my company uses derives a unique license from various hardware serial #'s on the install machine and communicates this license periodically to a server maintained by the software provider. The software provider reserves the right to 'turn-off' the license in the case of a contract dereliction. It is also used to verify that the software is running from a licensed machine.
I was fishing more in my post for someone who had any development experience with a requirement like this and/or could point me to a good resource to begin doing some research.

Thanks
 
Back
Top