Enforcing Licenses from Locally Hosted Web Applications

Question

Let's say we have a web application which is going to be both

  • A hosted solution available for access over the Internet
  • Able to be locally installed to be used as an "Intranet" application

What would be the best way to enforce licensing for this web application, essentially making it easy to turn on/off access for clients. I was thinking the flow would be something like:

Clients install locally ---> Authorize with central server ---> Allow/ Deny access

Also, I want to be able to make sure that we can offer Free Trials, essentially turning on and off certain features of the application. We also have to consider what happens if we ever "go out of business".

Recommended answer

You have the right idea,

use your central server (this can be your hosted solution),

If you're building a licence checker on your hosted (external) solution you could just add a web request that requires a cryptographic post of the licence key, e.g.

Request

https://{domain}.{tdl}/licenceValid/internal

Post querystring

licenceCrypt={licenceKey(though SHA1)}&companyId={company_id}

Do your checks, then return a JSON string. Once you have a plain text version working you can then introduce cryptography so you're not sending plain text through the internet.

Success  : {'status':'OK','expire':'20/07/2012 00:00:00', 'check':'18/07/2012 00:00:00'}
Fail     : {'status':'FAIL','Message':'Licence has expired'}

Then, with this information, cache that result. Then you can load this information from a file and check the check value if the date is less than the current date. Download again; however, if this fails and the licence has not expired, keep letting them use the application but show a notice telling them licence validation has had an error and that the licence is to expire on {date}. Should the licence expire from the cached date, block the application and tell them they need to check their server's connection to the internet and, if that does not work, phone you.

If all else fails with them, you could then pop in with a pen drive that had a little application on it to update their cache file with their new licence details so they can use the software again. Now, for the cache I would recommend you use a 2-way encryption, e.g. base64; however, I would recommend one a little stronger.

Then your hosted solution can just load in the class and check the licence for the requested version without any post, or, if you wanted to separate the hosted application and the licence server, you could implement the same checking on the local copy so you don't have 2 different code bases.

Notes: You don't have to send through a companyId; you could just search your database by using the SHA1 function of your DB and doing a direct lookup check to get the expire and stuff.

Secure Data: if you're implementing a secure application, as in it holds data that can't be exposed for some reason, then to reduce hacking make the licence system on a different port and in the server setup allow it to only establish connections on that port from an external call first. A Linux routing box would be ideal for this as iptables can do this quite simply; I'm not sure how easy it is to set up on Windows.

Update: Protecting the licence from nulling

Another feature you could implement to prevent people "nulling" your licence, and which does not require any local changes, is to validate their host name on the licence server: when a licence key is used for the first time it saves the host name to the database against the licence key, and if another request comes in from a different host name, tell them they have to contact you to re-enable their licence as their host name has changed. Most companies should be running a static IP address, so they will always have a static host name even if it is their ISP host name.

This still does not stop experienced people, and they could bypass it: all they require is a loopback hack to prevent your application talking to your servers, then they would have to set up a dummy server on their loopback to respond with false information.

Going the extra mile

You could prevent this by making the Licence System a C# library: the application downloads the new version, unloads the existing assembly and loads in the new DLL assembly. You just have to make sure you don't change the name of your public methods; then you can add more security without breaking the server or needing a full client-side update. With this you could also use some form of AES or certificate-based encryption on communications, and you compile the certificate into the DLL using Embedded Resources.

With the above you could even go one better and make a new Certificate for every licence key and this should make "nulling" extremely difficult*

Just as another note for the *: this would require the server to compile the DLL. I would highly recommend you don't do this on a hosting server as it will use a lot of memory and CPU power. To minimize this, use MSBuild and keep all the compile data so the only thing you're changing is the certificate; this should mean it keeps the .pdb files and should compile a lot quicker.
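
The cache-and-recheck flow described in the answer, as an added example (not code from the original post). It assumes `check` is the date of the next server re-check and tags the cache file with HMAC-SHA256 so that local edits are detected; `CACHE_KEY`, `seal`, `open_sealed` and `decide` are hypothetical names, and the key is a constructed placeholder.

```python
import hashlib
import hmac
import json
from datetime import datetime

DATE_FMT = "%d/%m/%Y %H:%M:%S"        # date format of the answer's sample response
CACHE_KEY = b"constructed-demo-key"   # assumption: per-install secret (placeholder)


def seal(response: dict, key: bytes = CACHE_KEY) -> str:
    """Serialise a server response for the cache file with an HMAC-SHA256 tag."""
    body = json.dumps(response, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def open_sealed(blob: str, key: bytes = CACHE_KEY):
    """Return the cached response, or None if the file is malformed or edited."""
    try:
        doc = json.loads(blob)
        body, tag = doc["body"], doc["tag"]
        want = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, tag):
            return None
        return json.loads(body)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


def decide(blob, now: datetime, refresh=None):
    """Apply the answer's flow; returns (action, cache blob to store)."""
    cached = open_sealed(blob) if blob else None
    expire = check = None
    if isinstance(cached, dict) and cached.get("status") == "OK":
        try:
            expire = datetime.strptime(cached["expire"], DATE_FMT)
            check = datetime.strptime(cached["check"], DATE_FMT)
        except (KeyError, ValueError, TypeError):
            expire = check = None
    if expire and check and now < check and now < expire:
        return "ALLOW", blob                    # cache is still fresh
    fresh = refresh() if refresh else None      # ask the licence server again
    if fresh is not None:
        ok = fresh.get("status") == "OK"
        return ("ALLOW" if ok else "BLOCK"), seal(fresh)
    if expire and now < expire:
        return "ALLOW_WITH_NOTICE", blob        # server unreachable, not expired
    return "BLOCK", blob                        # expired, missing or edited cache
```

A key shipped with the client can be extracted, so a server-side signature verified with an embedded public key is the stronger variant of the same check.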
