I would like to have my program validate a user license each time their program runs. The database name and company name are needed for the program to run correctly, so I would like to have them enter these and enter a hashed serial number I provide for them at purchase time. The program compares the serial number they enter with an internal algorithm. If it matches, then the program can use the entered database name and company name.
I do plan on using a third party tool for obfuscation with string encryption.
I would appreciate your thoughts/ideas about how this is usually implemented for reasonable security!

Activation validation of installed C# programs
nato4
You're correct in asking such questions; it's a good challenge for me, you and everyone.
The more I think about it, the more I see now what you mean about the true statement....
I guess yes, you can use the hash/salting approach and issue the PID (Product ID) based on them. It's a tricky thing to accomplish, since there are many ways, but also many debates! :-)
Caliendo
Thanks again!
Couldn't someone just search the program code, find the if true then ... else statement and modify it to always be true? This seems simpler than cracking a password.
If the obfuscator uses string encryption for hash and salting, doesn't this help me if I want to validate the user without a webservice? I realize in the end, anything can be cracked given enough time and brain power; I'm just trying to be too difficult to bother with.
Douglas Stockwell
I have done something similar to this stuff; we have used a web service to activate our product. It's a 55-char-length registration key basically, and a 4-char-length product ID also. When we activate the product with our server using the web service, it will return a key that is written back to an XML file. At each login to the application, the decrypted key will be checked with the details. It stores 5 or 6 hardware details in encrypted form using the product ID, so as to make sure only one client can use the key at a time...
Otto Ramirez
Not quite! (If I understand correctly)
The webservice would return true for "yes, you can use the software" - the client software calling the webservice for authentication would simply do an if true then...else statement and that's it.
The caller needs to know simply: "This product key here, is this legit, buddy?" - the buddy (webservice) simply returns true for yes, then the client can go ahead and do whatever it wants to; otherwise, if false, then tell the user that the key is not valid or not legit.
I hope I understood your response correctly.... :-)
Ecroton
Thank you for your advice.
I would not be storing any keys, just the hash algorithm to compare their activation code with the one I would generate with the algorithm. I guess even if the response was true/false from an activation server, someone could find the true/false variable and fix it to true.
Pr1nce
You could hook up to a webservice on your end, which would take in the productID they entered and compare it to the one entered in your database on the "legit" list and return true/false accordingly; however, this may not be the ideal solution for such an environment.
This is the only comment I have to add really, I'm afraid. I guess this is just safer in a sense than, say, storing it internally in the application, as they still can reflect the assembly and look at the product keys etc. stored within your application (even if it has been hashed and obfuscated).
This is just my 2 cents
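
An added example, not code from any poster in this thread: one way to validate a serial offline so that the shipped assembly holds nothing that can generate serials. It swaps the internal hash comparison discussed above for an ECDSA signature over the company and database names; `LicenseDemo`, `Issue`, `Verify` and the sample names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class LicenseDemo
{
    // Canonical bytes the serial covers. Fields are length-prefixed so that
    // ("ab","c") and ("a","bc") can never produce the same message.
    static byte[] Payload(string company, string database)
    {
        string c = company.Trim().ToUpperInvariant();
        string d = database.Trim().ToUpperInvariant();
        return Encoding.UTF8.GetBytes($"{c.Length}:{c}|{d.Length}:{d}");
    }

    // Vendor side only: requires the private key, which never ships.
    public static string Issue(ECDsa vendorKey, string company, string database) =>
        Convert.ToBase64String(
            vendorKey.SignData(Payload(company, database), HashAlgorithmName.SHA256));

    // Client side: only the public key is embedded, so reflecting the
    // assembly reveals how to check a serial but not how to create one.
    // The result is still a boolean that a patched binary can skip.
    public static bool Verify(byte[] publicKey, string company, string database, string serial)
    {
        try
        {
            using ECDsa ecdsa = ECDsa.Create();
            ecdsa.ImportSubjectPublicKeyInfo(publicKey, out _);
            byte[] signature = Convert.FromBase64String(serial.Trim());
            return ecdsa.VerifyData(Payload(company, database), signature, HashAlgorithmName.SHA256);
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException)
        {
            return false; // malformed Base64 or unusable key/signature
        }
    }

    public static void Main()
    {
        // Constructed sample data; a real vendor key is generated once and kept offline.
        using ECDsa vendorKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        byte[] publicKey = vendorKey.ExportSubjectPublicKeyInfo();

        string serial = Issue(vendorKey, "Example Co", "SalesDb");
        Console.WriteLine(Verify(publicKey, "Example Co", "SalesDb", serial)); // matching names
        Console.WriteLine(Verify(publicKey, "Other Co", "SalesDb", serial));   // serial reused for another company
        Console.WriteLine(Verify(publicKey, "Example Co", "SalesDb", "AAAA")); // made-up serial
    }
}
```

Because the signature covers the company and database names, a serial issued for one customer fails verification when entered with different names.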