I have an application (C#) and I am tasked with putting some simple licensing scheme in it. While doing that I need to save that information somewhere in computer to limit the usage.
我有一个应用程序(C#),我的任务是在其中添加一些简单的许可方案。在这样做时,我需要在计算机中的某处保存该信息以限制使用。
I need to save a date and a counter.
我需要保存日期和柜台。
How and where I should save the information which, on Windows Vista, doesnt require administrative privileges to run? (Which means saving it in System32, Program Files, HKEY_LOCAL_MACHINE is not an option.)
我应该如何以及在哪里保存在Windows Vista上不需要管理权限才能运行的信息? (这意味着将它保存在System32中,程序文件,HKEY_LOCAL_MACHINE不是一个选项。)
Please do not flood the answers with "don't do it" or "it will be cracked anyway". I do understand those logics. I just need to do anything best that can be done for this purpose.
请不要用“不要做”或“无论如何都会破解”来解决问题。我确实理解那些逻辑。我只需要为此目的做最好的事情。
3 个解决方案
#1
Consider using a third-party licensing component, such as XHEO - there's no need to reinvent the wheel.
考虑使用第三方许可组件,例如XHEO - 没有必要重新发明*。
If you are still required to write your own license system, consider using the user's profile directories or the HKEY_CURRENT_USER branch.
如果仍需要编写自己的许可证系统,请考虑使用用户的配置文件目录或HKEY_CURRENT_USER分支。
#2
we use a signed XML license file. It's a simple XML file, that displays what the user has purchased.
我们使用签名的XML许可证文件。它是一个简单的XML文件,显示用户购买的内容。
The nice thing about this is that it's future compat. You can easily add a product feature, or product line, expiration dates, and feature attributes.
关于这一点的好处是它未来的竞争。您可以轻松添加产品功能,产品系列,到期日期和功能属性。
It's easy for our commerce site to create and package licenses on demand, just be sure your private keys never get out. The pros outway the cons here for us, and the biggest problem we can't circumvent, is simply coping the license file.
我们的商务网站可以轻松地按需创建和打包许可证,只需确保您的私钥永远不会泄露。对我们来说,这里的优点是我们的缺点,也是我们无法避免的最大问题,就是简单地处理许可证文件。
here is a sample xml file
这是一个示例xml文件
<?xml version="1.0" encoding="utf-8"?>
<ProductName>
<License>
<LicenseId>20025fb9-5349-46d4-a530-55b0295beaaa</LicenseId>
<CustomerName>Scott.Cate@Example.com</CustomerName>
<MajorVersion>2008</MajorVersion>
<Product>Friendly Display Name</Product>
<ProductType>Enterprise</ProductType>
<Features>
<!--Add features here-->
</Features>
<Expires>0001-01-01T00:00:00</Expires>
</License>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>u3{..........}U2jo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>QFg1kI{...............}DwDIE=</SignatureValue>
</Signature>
</ProductName>
And we use simple .NET built in API's to do the XML signing, and confirmation that it is singed and valid.
我们使用简单的.NET内置API来进行XML签名,并确认它是有罪的和有效的。
Things I like ...
我喜欢的事 ...
.. It's easy to read. (for tech support) .. It's easy to replace .. Easy to store, in the files system, or in our case, the database, for easy access into and out of the UI. (we have an in place update/upgrade system) .. it's easy to upgrade. We have a service that takes your old license, and after validation, offers upgrade pricing based on what's already been purchased. Then the commerce system logs the old and new license files for reference.
..它很容易阅读。 (用于技术支持)..它易于更换..易于存储,在文件系统中,或在我们的情况下,数据库,以便于访问和进出UI。 (我们有一个到位的更新/升级系统)..它很容易升级。我们提供的服务可以使用您的旧许可证,并在验证后根据已购买的内容提供升级价格。然后,商务系统记录旧的和新的许可证文件以供参考。
Things I don't like ...
我不喜欢的事情......
.. Could be copied, stolen easily
..可以复制,轻松窃取
#3
for enterprise we always use the app_root/LICENSE directory.
对于企业,我们总是使用app_root / LICENSE目录。
we also use an own custom solution, but it is rather trivial encrypting this data and verifying the license log for manipulation.
我们还使用自己的自定义解决方案,但是加密此数据并验证许可证日志是否相当简单。
#1
Consider using a third-party licensing component, such as XHEO - there's no need to reinvent the wheel.
考虑使用第三方许可组件,例如XHEO - 没有必要重新发明*。
If you are still required to write your own license system, consider using the user's profile directories or the HKEY_CURRENT_USER branch.
如果仍需要编写自己的许可证系统,请考虑使用用户的配置文件目录或HKEY_CURRENT_USER分支。
#2
we use a signed XML license file. It's a simple XML file, that displays what the user has purchased.
我们使用签名的XML许可证文件。它是一个简单的XML文件,显示用户购买的内容。
The nice thing about this is that it's future compat. You can easily add a product feature, or product line, expiration dates, and feature attributes.
关于这一点的好处是它未来的竞争。您可以轻松添加产品功能,产品系列,到期日期和功能属性。
It's easy for our commerce site to create and package licenses on demand, just be sure your private keys never get out. The pros outway the cons here for us, and the biggest problem we can't circumvent, is simply coping the license file.
我们的商务网站可以轻松地按需创建和打包许可证,只需确保您的私钥永远不会泄露。对我们来说,这里的优点是我们的缺点,也是我们无法避免的最大问题,就是简单地处理许可证文件。
here is a sample xml file
这是一个示例xml文件
<?xml version="1.0" encoding="utf-8"?>
<ProductName>
<License>
<LicenseId>20025fb9-5349-46d4-a530-55b0295beaaa</LicenseId>
<CustomerName>Scott.Cate@Example.com</CustomerName>
<MajorVersion>2008</MajorVersion>
<Product>Friendly Display Name</Product>
<ProductType>Enterprise</ProductType>
<Features>
<!--Add features here-->
</Features>
<Expires>0001-01-01T00:00:00</Expires>
</License>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>u3{..........}U2jo=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>QFg1kI{...............}DwDIE=</SignatureValue>
</Signature>
</ProductName>
And we use simple .NET built in API's to do the XML signing, and confirmation that it is singed and valid.
我们使用简单的.NET内置API来进行XML签名,并确认它是有罪的和有效的。
Things I like ...
我喜欢的事 ...
.. It's easy to read. (for tech support) .. It's easy to replace .. Easy to store, in the files system, or in our case, the database, for easy access into and out of the UI. (we have an in place update/upgrade system) .. it's easy to upgrade. We have a service that takes your old license, and after validation, offers upgrade pricing based on what's already been purchased. Then the commerce system logs the old and new license files for reference.
..它很容易阅读。 (用于技术支持)..它易于更换..易于存储,在文件系统中,或在我们的情况下,数据库,以便于访问和进出UI。 (我们有一个到位的更新/升级系统)..它很容易升级。我们提供的服务可以使用您的旧许可证,并在验证后根据已购买的内容提供升级价格。然后,商务系统记录旧的和新的许可证文件以供参考。
Things I don't like ...
我不喜欢的事情......
.. Could be copied, stolen easily
..可以复制,轻松窃取
#3
for enterprise we always use the app_root/LICENSE directory.
对于企业,我们总是使用app_root / LICENSE目录。
we also use an own custom solution, but it is rather trivial encrypting this data and verifying the license log for manipulation.
我们还使用自己的自定义解决方案,但是加密此数据并验证许可证日志是否相当简单。