Can someone tell me what the best approach to protecting my component DLLs in .Net?
I've written a few DLL components which will be publicly available. They will be licensed accordingly but I want to programmatically make sure that no one is using the components within their solutions illegally.
Any ideas?
On
Like phoenix said there is really no way to completely protect your code as they can still be decompiled via a tool like reflector.
One such tool would be to use Dotfuscator.
On
Attempting to prevent people doing things at a technology level will only lead to the dedicated working around your efforts to stop them by means of reverse engineering (to which obfuscated code will never stop them, it will only slow them down), clean room design and so forth. Your best bet is to reinforce to those who are receiving a license to use your libraries the terms of use, and to uphold your legal rights to enforce the terms of use.
On
Short of "not distributing them" there is no 100% sure way to prevent unauthorized access.
You could look into hardware or software licensing devices. Sprinkle license checks throughout your code and if the device is not present simply abort everything.
Another idea and is to declare all your types in the assembly as internal then setup your main application EXE as a friend assembly with the InternalsVisibleTo assembly attribute. This is typically used for unit-testing internal members and I have no idea how secure it would be in practice. This would not prevent people from disassembly your assembly so you may still want to obfuscate and this doesn't work at all if you are selling the library and intend only for licenses customers to use it (because you would have to provide custom builds to every customer).
Since your code is already obfuscated, you can enforce the inbuilt classes to be instantiated with a license key before any of the methods are called. If you find that the key is not valid/present you can either display a message box or return an error/exception. There are many examples of where this is done (checkout Xceed.com for one) but as the previous posts suggest, its simply for discouraging the end users from trying to use your assembly illegally. Not completely prevent it. Given sufficient time and incentive, any thing can be broken.