I have developed a small application that I would like to try and sell but I am unfamiliar with how best to go about this.
我开发了一个小型应用程序,我想尝试并销售它,但是我不知道如何最好地进行这个。
-
How would I go about locking the program down for trial use1.
我该如何锁定程序以供试用。
-
How would I go about dealing with accepting payments?
我该如何处理接受付款?
Bearing in mind that I am a one man band with not a lot of money, I was hoping for a solution that would be free or a low cost, effective, secure and simple to implement and maintain. This is not something that I have a lot of experience with as I have typically developed for the public sector where they buy a solution as a whoel and we have never licensed it.
考虑到我是一个没有很多钱的人乐队,我希望能有一个免费或低成本、有效、安全、易于实施和维护的解决方案。这不是我有很多经验的东西,因为我通常是为公共部门开发的,他们以whoel的形式购买解决方案,而我们从来没有许可过它。
Any help would really be appreciated. Thanks,
任何帮助都将受到感激。谢谢,
B
B
4 个解决方案
#1
36
I can tell you how I do it. Disclaimer: your mileage may vary. This is for the case of preventing casual piracy of a simple WinForms or WPF or other desktop app. It's not particularly robust or secure against sophisticated cracking, but it does a great job of preventing casual piracy.
我可以告诉你我是怎么做的。免责声明:您的行驶里程可能会有所不同。这是为了防止简单的WinForms或WPF或其他桌面应用程序偶尔被盗版。它不是特别健壮或安全,可以防止复杂的破解,但它在防止偶然的盗版方面做得很好。
-
For licensing, I tried several 3rd party solutions. They're all fairly easy to use for the nominal case of preventing casual piracy, which of course if the only piracy you should really be concerned about.
为了获得许可,我尝试了几种第三方解决方案。它们都很容易用于防止偶然盗版的名义案例,当然,如果只有盗版你应该真正关注。
-
What I found was that none of the licensing providers were really compatible with the existing payment processors / gateways. There are a few "all-in-one" solutions but the level of technical debt there was unacceptable to me (a freelancer and sole developer). I was looking for a simple way to go from a "Buy Now" link on a website to unlocking the desktop software after purchase. Some of the existing "all-in-one" solutions are overkill for this purpose, some ignore the "purchase" aspect entirely.
我发现,没有一个授权提供商真正与现有的支付处理器/网关兼容。有一些“一步到位”的解决方案,但是技术债务的水平对我来说是不可接受的(一个*职业者和唯一的开发人员)。我在寻找一种简单的方式,从网站上的“现在购买”链接到购买后解锁桌面软件。一些现有的“一体式”解决方案在这方面有些过头了,有些则完全忽略了“购买”方面。
-
I ended up using Xml Digital Signatures to sign license files with the application's private key, which is never distributed to users. The result: you have a .LIC or .LICX file on the target machine that users can read (it's plain text, except for the enveloped signature) but not modify. (Or rather, they can't modify it without you knowing they've modified it.) This little file is the key to the whole system.
最后,我使用Xml数字签名来使用应用程序的私钥对许可证文件进行签名,该私钥从未分发给用户。结果是:您在目标计算机上有一个. lic或. licx文件,用户可以读取(它是纯文本,除了信封签名),但不进行修改。(或者更确切地说,如果你不知道他们已经修改了它,他们就不能修改它。)这个小文件是整个系统的关键。
-
When the application loads, it verifies that the XML signature is valid (using the application's public key, which is distributed with the app) and if it's valid, it reads the information from the license file, and enables/disables certain features based on that. For example, your license file could contain a product expiration date, or a couple pieces of unique machine info (be careful, always, not to inconvenience your legit users with this...you don't want them to have to reapply for license keys every time they change out a hard drive).
当应用程序加载时,它将验证XML签名是否有效(使用应用程序的公钥,该公钥随应用程序一起分发),如果有效,它将从许可证文件中读取信息,并基于此启用/禁用某些特性。例如,您的许可文件可能包含一个产品过期日期,或者一些唯一的机器信息(一定要小心,千万不要给合法用户带来不便……)你不希望他们每次更换硬盘时都要重新申请许可证密钥)。
-
As an additional (and slightly more invasive) step, you can have the app connect to your server, though this gets you into server downtime issues and so forth and so on. Some devs are willing to put up with this, others aren't.
作为一个额外的(稍微更具侵入性的)步骤,您可以让应用程序连接到您的服务器,尽管这会使您陷入服务器停机问题等等。一些开发者愿意忍受这些,而其他人则不然。
-
Now for the purchase part, there are many many options. Paypal is far and away the easiest. You may or may not like their rate plans, but it's an absolute cinch to get up and running with Paypal.
现在购买部分,有很多选择。贝宝无疑是最容易的。你可能喜欢他们的费率计划,也可能不喜欢,但使用贝宝是绝对容易的。
-
For that you want a Premier or Business account, not a Personal account. Note: in the Paypal docs it sometimes says you need a Paypal Business account. Whenever they say that, they actually mean, "a Paypal Business or Premier account".
为此,你需要的是一个首要账户或商业账户,而不是个人账户。注意:在贝宝文档中,有时会说你需要一个贝宝商业账户。不管他们说什么,他们实际上是指“贝宝业务或主要账户”。
-
Now get yourself a product website and customize your Buy Now buttons etc. When the user makes a purchase, your website will receive a ping from Paypal IPN, which is their notification service. This ping is just a call to a defined HTTP endpoint on your website, and it contains all the information you'll want about the purchase. Mainly, the user's email...
现在给自己找一个产品网站,定制你的Buy Now按钮等。当用户购买时,你的网站会收到来自Paypal IPN的ping,这是他们的通知服务。这个ping只是对您网站上定义的HTTP端点的调用,它包含您想要的关于购买的所有信息。主要用户的电子邮件…
-
(Okay, I feel like I should mention: Paypal along with most other legit processors have a "sandbox" where you can test all this out before going live. Does wonders towards giving you the warm fuzzy about actually going live, with money on the line.)
(好吧,我觉得我应该提一下:贝宝和其他大多数合法的处理器都有一个“沙箱”,你可以在上线前对所有这些进行测试。能给你一种温暖的感觉,让你真正活下去,带着钱。
-
Which you'll use to auto-send the user an Activation Code after purchase, so they don't have to wait 24 hours for you to manually send them a code. Store this activation code (which under this scenario can be any unique, difficult-to-guess number, such as a GUID, prettified or not) in the DB with a usage count which you'll track to detect duplicate codes.
在购买后,您将使用它自动向用户发送激活代码,因此他们不必等待24小时来手动发送代码。在DB中存储这个激活代码(在这种情况下,它可以是任何唯一的、难以猜测的数字,比如GUID,是否经过修饰),并使用计数进行跟踪,以检测重复的代码。
-
The user enters the Activation Code into the software, via a screen you provide.
用户通过您提供的屏幕将激活代码输入到软件中。
-
The software contacts the server over https (this is a one-time thing that happens only when the software is unlocked), and says, "hey, is this license code the user just gave me valid?"
软件通过https与服务器联系(这是一次性的事情,只有在打开软件时才会发生),然后说,“嘿,用户刚刚给我的许可码是有效的吗?”
-
If the supplied activation code matches the code stored in the database at the time of sale, and that activation code hasn't yet been confirmed, then Success!
如果所提供的激活代码与在销售时存储在数据库中的代码匹配,并且激活代码还没有被确认,那么成功!
-
The server then needs to build the license file, which is an extremely simple XML or text file containing "what this copy of the software is allowed to do". There's no standard for what it should contain, only a few conventions.
然后服务器需要构建许可文件,这是一个非常简单的XML或文本文件,其中包含“允许这个软件的副本做什么”。它应该包含什么没有标准,只有一些约定。
-
The server signs the license file with the application's private key and returns it as a data stream to your application...
服务器使用应用程序的私钥签署许可证文件,并将其作为数据流返回给您的应用程序……
-
Which saves it as a .LIC or .LICX (or whatever extension you want) file, which it then checks on load time as per Step 3.
它将其保存为. lic或. licx(或您想要的任何扩展)文件,然后按照步骤3检查加载时间。
This has worked really well for me, and it's a cinch to implement. The key to the whole thing is simply: trust those XML DSigs. When the LIC file is missing, you default to trial mode. When the sig is modified, you switch to trial mode. Only when the LIC file is present, validly signed, and contains the right information, do you then (in code) open up access to "full" functionality.
这对我来说非常有效,而且实现起来很容易。整个过程的关键是:信任这些XML DSigs。当LIC文件丢失时,您将默认为试用模式。当sig被修改时,您将切换到试验模式。只有当LIC文件存在、有效签名并包含正确的信息时,才能(在代码中)打开对“完整”功能的访问。
Also, interperse more than one license-check point in your code. I do one at app startup, another at idle, and another just before entering key functional areas. So if someone does reverse the code, and they can, they'll at least have to do a bit of searching to gut all the license checks. Of course, nothing you can do can prevent people from patching their way around those checks. You just want to make it a bit more difficult.
另外,在代码中插入一个以上的许可证检查点。我在app startup中做一个,在idle中做一个,在进入关键功能区域之前做一个。因此,如果有人真的改变了代码,而且他们可以,他们至少需要做一点搜索,以彻底检查所有的许可证。当然,你所能做的任何事情都不能阻止人们绕过这些支票。你只是想让它更困难一点。
#2
7
If you want to do it correctly, I would honestly have to recommend buying a trusted third party solution for both of these things. There are several licensing packages out there for .Net (we use Desaware for our products, although I haven't directly worked with them that much so I couldn't give a detailed recommendation. It seems simple enough for what I've been exposed to). No fuss, no bugs, and the payoff in the long term is huge in terms of time saved.
如果您想要正确地完成它,我必须诚实地建议您为这两者购买一个值得信赖的第三方解决方案。net有几个授权包(我们在产品中使用Desaware,虽然我还没有直接使用它们,所以我不能给出详细的建议。这似乎很简单,我所接触到的。没有大惊小怪,没有错误,从长远来看回报是巨大的。
Third party payment services can handle online credit card transactions for you, and there's always PayPal as well. Google for "how to accept credit card payments on the web" and you'll come up with endless merchant solution providers.
第三方支付服务可以为你处理网上信用卡交易,而且永远有贝宝。谷歌“如何在网上接受信用卡付款”,你将会找到无数的商家解决方案提供商。
If you'd rather spend the time to build a licensing system yourself, this * thread is a pretty good resource on the various aspects to consider.
如果您愿意花时间自己构建一个许可系统,那么这个*线程是一个非常好的资源,可以用于考虑各个方面。
#3
4
You'll want to use some form of Software Projection and Licensing for .NET applications. There are hundreds of options out there, from very inexpensive (and articles for how to roll your own) to very robust commercial tools.
您将希望对. net应用程序使用某种形式的软件投影和许可。有数百种选择,从非常便宜的(以及如何滚动自己的文章)到非常健壮的商业工具。
#4
2
You can consider CryptoLicensing For .Net - it provides options for full as well as trial (usage days, unique usage days, executions, etc). It also comes with ready-to-use license server with e-commerce integrators for paypal, shareit, plimus, etc.
您可以考虑为. net提供加密授权——它提供了完整和试用(使用日、唯一使用日、执行日等)的选项。它还附带了即时使用的许可证服务器和电子商务集成商为贝宝,shareit, plimus等。
#1
36
I can tell you how I do it. Disclaimer: your mileage may vary. This is for the case of preventing casual piracy of a simple WinForms or WPF or other desktop app. It's not particularly robust or secure against sophisticated cracking, but it does a great job of preventing casual piracy.
我可以告诉你我是怎么做的。免责声明:您的行驶里程可能会有所不同。这是为了防止简单的WinForms或WPF或其他桌面应用程序偶尔被盗版。它不是特别健壮或安全,可以防止复杂的破解,但它在防止偶然的盗版方面做得很好。
-
For licensing, I tried several 3rd party solutions. They're all fairly easy to use for the nominal case of preventing casual piracy, which of course if the only piracy you should really be concerned about.
为了获得许可,我尝试了几种第三方解决方案。它们都很容易用于防止偶然盗版的名义案例,当然,如果只有盗版你应该真正关注。
-
What I found was that none of the licensing providers were really compatible with the existing payment processors / gateways. There are a few "all-in-one" solutions but the level of technical debt there was unacceptable to me (a freelancer and sole developer). I was looking for a simple way to go from a "Buy Now" link on a website to unlocking the desktop software after purchase. Some of the existing "all-in-one" solutions are overkill for this purpose, some ignore the "purchase" aspect entirely.
我发现,没有一个授权提供商真正与现有的支付处理器/网关兼容。有一些“一步到位”的解决方案,但是技术债务的水平对我来说是不可接受的(一个*职业者和唯一的开发人员)。我在寻找一种简单的方式,从网站上的“现在购买”链接到购买后解锁桌面软件。一些现有的“一体式”解决方案在这方面有些过头了,有些则完全忽略了“购买”方面。
-
I ended up using Xml Digital Signatures to sign license files with the application's private key, which is never distributed to users. The result: you have a .LIC or .LICX file on the target machine that users can read (it's plain text, except for the enveloped signature) but not modify. (Or rather, they can't modify it without you knowing they've modified it.) This little file is the key to the whole system.
最后,我使用Xml数字签名来使用应用程序的私钥对许可证文件进行签名,该私钥从未分发给用户。结果是:您在目标计算机上有一个. lic或. licx文件,用户可以读取(它是纯文本,除了信封签名),但不进行修改。(或者更确切地说,如果你不知道他们已经修改了它,他们就不能修改它。)这个小文件是整个系统的关键。
-
When the application loads, it verifies that the XML signature is valid (using the application's public key, which is distributed with the app) and if it's valid, it reads the information from the license file, and enables/disables certain features based on that. For example, your license file could contain a product expiration date, or a couple pieces of unique machine info (be careful, always, not to inconvenience your legit users with this...you don't want them to have to reapply for license keys every time they change out a hard drive).
当应用程序加载时,它将验证XML签名是否有效(使用应用程序的公钥,该公钥随应用程序一起分发),如果有效,它将从许可证文件中读取信息,并基于此启用/禁用某些特性。例如,您的许可文件可能包含一个产品过期日期,或者一些唯一的机器信息(一定要小心,千万不要给合法用户带来不便……)你不希望他们每次更换硬盘时都要重新申请许可证密钥)。
-
As an additional (and slightly more invasive) step, you can have the app connect to your server, though this gets you into server downtime issues and so forth and so on. Some devs are willing to put up with this, others aren't.
作为一个额外的(稍微更具侵入性的)步骤,您可以让应用程序连接到您的服务器,尽管这会使您陷入服务器停机问题等等。一些开发者愿意忍受这些,而其他人则不然。
-
Now for the purchase part, there are many many options. Paypal is far and away the easiest. You may or may not like their rate plans, but it's an absolute cinch to get up and running with Paypal.
现在购买部分,有很多选择。贝宝无疑是最容易的。你可能喜欢他们的费率计划,也可能不喜欢,但使用贝宝是绝对容易的。
-
For that you want a Premier or Business account, not a Personal account. Note: in the Paypal docs it sometimes says you need a Paypal Business account. Whenever they say that, they actually mean, "a Paypal Business or Premier account".
为此,你需要的是一个首要账户或商业账户,而不是个人账户。注意:在贝宝文档中,有时会说你需要一个贝宝商业账户。不管他们说什么,他们实际上是指“贝宝业务或主要账户”。
-
Now get yourself a product website and customize your Buy Now buttons etc. When the user makes a purchase, your website will receive a ping from Paypal IPN, which is their notification service. This ping is just a call to a defined HTTP endpoint on your website, and it contains all the information you'll want about the purchase. Mainly, the user's email...
现在给自己找一个产品网站,定制你的Buy Now按钮等。当用户购买时,你的网站会收到来自Paypal IPN的ping,这是他们的通知服务。这个ping只是对您网站上定义的HTTP端点的调用,它包含您想要的关于购买的所有信息。主要用户的电子邮件…
-
(Okay, I feel like I should mention: Paypal along with most other legit processors have a "sandbox" where you can test all this out before going live. Does wonders towards giving you the warm fuzzy about actually going live, with money on the line.)
(好吧,我觉得我应该提一下:贝宝和其他大多数合法的处理器都有一个“沙箱”,你可以在上线前对所有这些进行测试。能给你一种温暖的感觉,让你真正活下去,带着钱。
-
Which you'll use to auto-send the user an Activation Code after purchase, so they don't have to wait 24 hours for you to manually send them a code. Store this activation code (which under this scenario can be any unique, difficult-to-guess number, such as a GUID, prettified or not) in the DB with a usage count which you'll track to detect duplicate codes.
在购买后,您将使用它自动向用户发送激活代码,因此他们不必等待24小时来手动发送代码。在DB中存储这个激活代码(在这种情况下,它可以是任何唯一的、难以猜测的数字,比如GUID,是否经过修饰),并使用计数进行跟踪,以检测重复的代码。
-
The user enters the Activation Code into the software, via a screen you provide.
用户通过您提供的屏幕将激活代码输入到软件中。
-
The software contacts the server over https (this is a one-time thing that happens only when the software is unlocked), and says, "hey, is this license code the user just gave me valid?"
软件通过https与服务器联系(这是一次性的事情,只有在打开软件时才会发生),然后说,“嘿,用户刚刚给我的许可码是有效的吗?”
-
If the supplied activation code matches the code stored in the database at the time of sale, and that activation code hasn't yet been confirmed, then Success!
如果所提供的激活代码与在销售时存储在数据库中的代码匹配,并且激活代码还没有被确认,那么成功!
-
The server then needs to build the license file, which is an extremely simple XML or text file containing "what this copy of the software is allowed to do". There's no standard for what it should contain, only a few conventions.
然后服务器需要构建许可文件,这是一个非常简单的XML或文本文件,其中包含“允许这个软件的副本做什么”。它应该包含什么没有标准,只有一些约定。
-
The server signs the license file with the application's private key and returns it as a data stream to your application...
服务器使用应用程序的私钥签署许可证文件,并将其作为数据流返回给您的应用程序……
-
Which saves it as a .LIC or .LICX (or whatever extension you want) file, which it then checks on load time as per Step 3.
它将其保存为. lic或. licx(或您想要的任何扩展)文件,然后按照步骤3检查加载时间。
This has worked really well for me, and it's a cinch to implement. The key to the whole thing is simply: trust those XML DSigs. When the LIC file is missing, you default to trial mode. When the sig is modified, you switch to trial mode. Only when the LIC file is present, validly signed, and contains the right information, do you then (in code) open up access to "full" functionality.
这对我来说非常有效,而且实现起来很容易。整个过程的关键是:信任这些XML DSigs。当LIC文件丢失时,您将默认为试用模式。当sig被修改时,您将切换到试验模式。只有当LIC文件存在、有效签名并包含正确的信息时,才能(在代码中)打开对“完整”功能的访问。
Also, interperse more than one license-check point in your code. I do one at app startup, another at idle, and another just before entering key functional areas. So if someone does reverse the code, and they can, they'll at least have to do a bit of searching to gut all the license checks. Of course, nothing you can do can prevent people from patching their way around those checks. You just want to make it a bit more difficult.
另外,在代码中插入一个以上的许可证检查点。我在app startup中做一个,在idle中做一个,在进入关键功能区域之前做一个。因此,如果有人真的改变了代码,而且他们可以,他们至少需要做一点搜索,以彻底检查所有的许可证。当然,你所能做的任何事情都不能阻止人们绕过这些支票。你只是想让它更困难一点。
#2
7
If you want to do it correctly, I would honestly have to recommend buying a trusted third party solution for both of these things. There are several licensing packages out there for .Net (we use Desaware for our products, although I haven't directly worked with them that much so I couldn't give a detailed recommendation. It seems simple enough for what I've been exposed to). No fuss, no bugs, and the payoff in the long term is huge in terms of time saved.
如果您想要正确地完成它,我必须诚实地建议您为这两者购买一个值得信赖的第三方解决方案。net有几个授权包(我们在产品中使用Desaware,虽然我还没有直接使用它们,所以我不能给出详细的建议。这似乎很简单,我所接触到的。没有大惊小怪,没有错误,从长远来看回报是巨大的。
Third party payment services can handle online credit card transactions for you, and there's always PayPal as well. Google for "how to accept credit card payments on the web" and you'll come up with endless merchant solution providers.
第三方支付服务可以为你处理网上信用卡交易,而且永远有贝宝。谷歌“如何在网上接受信用卡付款”,你将会找到无数的商家解决方案提供商。
If you'd rather spend the time to build a licensing system yourself, this * thread is a pretty good resource on the various aspects to consider.
如果您愿意花时间自己构建一个许可系统,那么这个*线程是一个非常好的资源,可以用于考虑各个方面。
#3
4
You'll want to use some form of Software Projection and Licensing for .NET applications. There are hundreds of options out there, from very inexpensive (and articles for how to roll your own) to very robust commercial tools.
您将希望对. net应用程序使用某种形式的软件投影和许可。有数百种选择,从非常便宜的(以及如何滚动自己的文章)到非常健壮的商业工具。
#4
2
You can consider CryptoLicensing For .Net - it provides options for full as well as trial (usage days, unique usage days, executions, etc). It also comes with ready-to-use license server with e-commerce integrators for paypal, shareit, plimus, etc.
您可以考虑为. net提供加密授权——它提供了完整和试用(使用日、唯一使用日、执行日等)的选项。它还附带了即时使用的许可证服务器和电子商务集成商为贝宝,shareit, plimus等。