使用MEF，.NET C＃导入DLL时验证许可证 [英] Validating licenses when importing DLL's with MEF, .NET C#

问题描述

当我使用MEF导入DLL文件时，我需要有关如何设计许可系统的建议。因此，我的程序将运行并在启动时将开始将特定映射中的所有DLL加载到程序中。首先，我想确保程序只加载我允许的DLL，所以让我们说原始的DLL集。

其他人可以购买许可证来制作这些DLL。因此，还必须有一种方法来验证这一点。



我尝试过：



我对许可主题有绝对的经验。我已经阅读了很多文章，但似乎没有什么能适合我的问题。

I need advice on how to design a licensing system when I am importing DLL files using the MEF. So, my program would run and on startup would begin to load all the DLL's from a specific map into the program. First of, I want to make sure that the program would only load DLL's that are allowed by me, so let's say the original set of DLL's.
Other people can buy a license to also make these DLL's. So there must also be a way to validate this.

What I have tried:

I have absolutely 0 experience on the licensing topic. I have read a lot of articles but nothing really seems to fit my problem.

推荐答案

理解你采取的任何方法都容易受到逆向工程的影响。你可以期望的最多就是让某人破解你的许可机制变得困难但并非不可能。



执行许可的最佳方法是运行一切服务器 - 强制客户端连接到您的控件的服务器。



回到您的建议 - 您可以做一些低功耗的事情来验证DLL是检查程序集属性。

Understand than ANY approach you take is vulnerable to reverse engineering. The most you can hope for is to make it difficult but not impossible for someone to break your licensing mechanism.

The best way to enforce licensing is to run everything on a server - forcing the clients to connect to a server that your control.

Back to your proposal - some low effort things you can do to validate a DLL is check the assembly attributes.

var self = System.Reflection.Assembly.GetExecutingAssembly();

var assembly = System.Reflection.Assembly.LoadFile("suspect.dll");

程序集类（System.Reflection） [ ^ ]



下一级别将是DLL文件上的哈希函数。将散列结果与已知良好散列值列表进行比较 - 例如。一个允许的DLL列表。



更好的是，使用代码签名作为验证每个DLL的方法。您的应用程序存储一个公钥，可用于验证DLL的签名。



您必须通过不与任何人共享来保护私钥。



这些都不是万无一失的。所有这些都是为了提高难度级别，实际上支付许可证的费用实际上要花费时间来破解它。

Assembly Class (System.Reflection)[^]

Next level up would be a hash function on the DLL file. Compare the hash result to a list of known good hash values - eg. an "allowed" list of DLLs.

Better still, use code signing as a way to authenticate each DLL. You application stores a public key which can be used to validate the signature of the DLL.

You must protect the private key by not sharing it with anyone.

None of these are foolproof. It's all about raising the difficulty level where it is actually cheaper to pay for a license than spend the time to crack it.

这篇关于使用MEF，.NET C＃导入DLL时验证许可证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！