Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Visual Studio.NET / Extensibility / July 2004

Tip: Looking for answers? Try searching our database.

Is there a way to prevent an Assembly from being added in the IDE

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Ross Pellegrino - 24 Jul 2004 19:44 GMT
Hi

I know about Component Licensing.  However, that Component Licensing is not
well suited for my particular need. I understand about runtime and design
time components but I want my components to be used by non-GUI apps as well.

I have an Assembly with many non-design classes that I would like only
licensed developers to use.  However, when they deploy their application
along with my assembly to their clients, I don't want their clients to start
reusing the assembly for their development purposes.

Is there a way to prevent an Assembly from being added to the IDE without a
developer license?  Or is there a way that the Assembly knows its being
added into some IDE environment, whereby I can detected is a developers
license exists?

Any help would be greatly appreciated.

Thanks in advance.
Ross
Reply to this Message
Rusty Deschenes [MS] - 28 Jul 2004 22:14 GMT
Hello Ross,

Trying to prevent your assembly from showing in the IDE is most likely the
wrong way to go. First I don't believe there is a way to do it, but even if
there was, this would not prevent people from referencing it from outside
the IDE (by example if they call the compiler from the command line).

A better approach would be for the user of your assembly to need to "provide
a proof of authorisation" to your assembly before your assembly would
execute any code. Of course your code would have to be written in such a way
that it is hard to fake the authorisation. By example if your customer have
to register their product (possibly including dll/class name, Guid, file
size,...) and if you have a webservice that get called to validate all this
information when theirs user try to run the code that use your dll, this may
work. Of course this has some side effect (assume network access; too slow
if process is short lived, but fine if process is a long lived process that
can have longer initialization,...).

Keep in mind that making it hard to work around your protection mechanism
can be hard. For the example mentioned above, it would be easy to
disassemble your dll, so you would probably want to be using an obfuscator.
You could also consider emiting code on the fly, with some amount of
randomness to make it harder to get from memory. If you do the
authentification over the network, you need to use the right encryption,...

If you really want to invest in this, and you carefully thing about all the
way someone could work around your protection mechanism, you can make it
hard for people to use your dll without having a license.

Rusty

Signature

--
Rusty Deschenes [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

> Hi
>
[quoted text clipped - 16 lines]
> Thanks in advance.
> Ross
Reply to this Message
Ross Pellegrino - 29 Jul 2004 00:55 GMT
> Trying to prevent your assembly from showing in the IDE is most likely the
> wrong way to go.
*** I agree.

> better approach would be for the user of your assembly to need to "provide
> a proof of authorization" to your assembly before your assembly would
> execute any code.
*** This was exactly what I have done and it works great.  I couldn't use a
LIC file, but rather, I created a *.resx file that contains an encrypted
128bit string.  The developer must embed this file within their code.  I was
hoping to not make the licensed developer do this, but its the only way to
protect my investment.  In retro, I kind of like the idea now, because I can
encrypted things like: beta or release, version, expiry data, etc....

> Keep in mind that making it hard to work around your protection mechanism
> can be hard. For the example mentioned above, it would be easy to
> disassemble your dll,
*** I got around this problem by calling a classical DLL (not an assembly).
Within this dll, the actual key is hashed.  Since my .NET components uses
many services embedded within the DLL via interop, an invalid hash key value
will return an exception.  Besides, my component is only worth $150 not
worth the effort to break it just to use it :)  I don't think

Thanks Rusty for your time. Your suggestions are all valid and in someway I
believe I've incorporated them in my method.

Ross

> Hello Ross,
>
[quoted text clipped - 49 lines]
> > Thanks in advance.
> > Ross
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.