My company has a website product (ASP.NET) which is sold to customers. It means we don't host the website. They install it on their server and run it in the intranet.
我公司有一个网站产品(ASP.NET),销售给客户。这意味着我们不会托管该网站。他们将其安装在服务器上并在Intranet中运行。
I need to implement some sort of copy protection mechanism so that not everyone ends up installing the website. It has following aspects:
我需要实现某种复制保护机制,以便不是每个人都最终安装网站。它有以下几个方面:
- It has to be completely software based (no dongles).
- Hiding usage information in registry or some folder in c:\ (basically outside virtual directory) is not an option for a website
它必须完全基于软件(没有加密狗)。
隐藏在注册表中的使用信息或c:\中的某些文件夹(基本上在虚拟目录之外)不是网站的选项
Please can you suggest any scheme/method?
请问您能提出任何计划/方法吗?
4 个解决方案
#1
One suggestion is to use some kind of web service running, of course you need to have a main server to do so. In this server you can have some of your clients servers data (IP of the authorized servers, CPU and Motherboard ID's, and other important data).
一个建议是使用某种Web服务运行,当然你需要有一台主服务器来运行。在此服务器中,您可以拥有一些客户端服务器数据(授权服务器的IP,CPU和主板ID以及其他重要数据)。
This web service has to run some important logic of the program and return a value to the authorized servers. If the data of autorization sent by the client doesn't match, the server do will not execute the routine.
此Web服务必须运行程序的一些重要逻辑,并将值返回给授权服务器。如果客户端发送的自动化数据不匹配,则服务器不会执行该例程。
Of course I assume that this side of the logic is included in a DLL in the application and not in plain code.
当然我假设逻辑的这一面包含在应用程序的DLL中而不是普通代码中。
#2
A technique that worked well for a buddy of mine was to install a web bug on an administrative page which would report back to their server. You can monitor when and where the application is installed. It could be easily removed, but won't by most customers.
一种适用于我的好友的技术是在管理页面上安装Web错误,该页面将报告回他们的服务器。您可以监视应用程序的安装位置和位置。它可以很容易地删除,但大多数客户不会。
Simple, easy to do, and works relatively well.
简单,易于操作,并且工作相对较好。
#3
Something you could try. Compile binaries for each client, obfuscate the code, lock the site down to a single domain. If its an internal app the domain might be something like "productname.clientname.internal". The app checks the domain of all the incoming requests, refuses anything that doesn't match.
你可以试试的东西。为每个客户端编译二进制文件,对代码进行模糊处理,将站点锁定到单个域。如果它是一个内部应用程序,域可能类似于“productname.clientname.internal”。该应用程序检查所有传入请求的域,拒绝任何不匹配的内容。
As already pointed out by jeffamaphone: people will find ways around it, but it's enough to 'slow down' those not super determined.
正如jeffamaphone已经指出的那样:人们会找到解决方法,但这足以“减慢”那些并非超级决定的人。
#4
[disclaimer]I sell the product I am recommending.[/disclaimer]
[免责声明]我出售我推荐的产品。[/ disclaimer]
Take a look at DeployLX. You can add licensing to your web based application to require one of a couple different options.
看看DeployLX。您可以向基于Web的应用程序添加许可,以要求其中一种不同的选项。
- Hardware based locking so it can only be used on one machine.
- Domain based locking so it's tied to a specific domain name.
- IP based locking to tie it to an IP address.
- License server locking to that your app checks in periodically with a centralized web service.
基于硬件的锁定,因此它只能在一台机器上使用。
基于域的锁定因此它与特定域名绑定。
基于IP的锁定将其绑定到IP地址。
许可证服务器锁定到您的应用程序定期使用集中式Web服务进行检查。
It's pretty flexible and should let you create a balance between protection and not frustrating your users.
它非常灵活,应该让您在保护之间创造平衡,而不是让用户感到沮丧。
#1
One suggestion is to use some kind of web service running, of course you need to have a main server to do so. In this server you can have some of your clients servers data (IP of the authorized servers, CPU and Motherboard ID's, and other important data).
一个建议是使用某种Web服务运行,当然你需要有一台主服务器来运行。在此服务器中,您可以拥有一些客户端服务器数据(授权服务器的IP,CPU和主板ID以及其他重要数据)。
This web service has to run some important logic of the program and return a value to the authorized servers. If the data of autorization sent by the client doesn't match, the server do will not execute the routine.
此Web服务必须运行程序的一些重要逻辑,并将值返回给授权服务器。如果客户端发送的自动化数据不匹配,则服务器不会执行该例程。
Of course I assume that this side of the logic is included in a DLL in the application and not in plain code.
当然我假设逻辑的这一面包含在应用程序的DLL中而不是普通代码中。
#2
A technique that worked well for a buddy of mine was to install a web bug on an administrative page which would report back to their server. You can monitor when and where the application is installed. It could be easily removed, but won't by most customers.
一种适用于我的好友的技术是在管理页面上安装Web错误,该页面将报告回他们的服务器。您可以监视应用程序的安装位置和位置。它可以很容易地删除,但大多数客户不会。
Simple, easy to do, and works relatively well.
简单,易于操作,并且工作相对较好。
#3
Something you could try. Compile binaries for each client, obfuscate the code, lock the site down to a single domain. If its an internal app the domain might be something like "productname.clientname.internal". The app checks the domain of all the incoming requests, refuses anything that doesn't match.
你可以试试的东西。为每个客户端编译二进制文件,对代码进行模糊处理,将站点锁定到单个域。如果它是一个内部应用程序,域可能类似于“productname.clientname.internal”。该应用程序检查所有传入请求的域,拒绝任何不匹配的内容。
As already pointed out by jeffamaphone: people will find ways around it, but it's enough to 'slow down' those not super determined.
正如jeffamaphone已经指出的那样:人们会找到解决方法,但这足以“减慢”那些并非超级决定的人。
#4
[disclaimer]I sell the product I am recommending.[/disclaimer]
[免责声明]我出售我推荐的产品。[/ disclaimer]
Take a look at DeployLX. You can add licensing to your web based application to require one of a couple different options.
看看DeployLX。您可以向基于Web的应用程序添加许可,以要求其中一种不同的选项。
- Hardware based locking so it can only be used on one machine.
- Domain based locking so it's tied to a specific domain name.
- IP based locking to tie it to an IP address.
- License server locking to that your app checks in periodically with a centralized web service.
基于硬件的锁定,因此它只能在一台机器上使用。
基于域的锁定因此它与特定域名绑定。
基于IP的锁定将其绑定到IP地址。
许可证服务器锁定到您的应用程序定期使用集中式Web服务进行检查。
It's pretty flexible and should let you create a balance between protection and not frustrating your users.
它非常灵活,应该让您在保护之间创造平衡,而不是让用户感到沮丧。