Tim Tim - 24 days ago 7
C# Question

Pros/Cons of using an assembly as a license file?

I was initially going to use a signed serialized xml file to store license details.
In planning, more and more has moved into this "license file" which will allow for us to distribute a single application and control available functions via the supplied license file.

The UI and printed reports are co-branded with distributors logos, so it would be good if this could be embedded into the license. I know this could be done with the serialized xml file but I was wondering what are the pros and cons of storing this data in a compiled assembly?

The license generation tool could compile the assembly with the appropriate properties and resources and sign it.

Update

From what I can see, using serialized xml or an assembly would be pretty similar. From my point of view, assemblies would allow me to add other resources and leaves some flexibility for the future. As soon as the resources get complicated, xml serialization is a pain.

Update2

The software only works with our hardware so licence security is not a massive concern. The main aim is to stop the casual user from enabling features that they have not paid for. I would be choosing one over the other for design simplicity!

Answer

A signed xml license file has few advantages, but they may not be applicaple to your situation:

  1. You can inspect the contents of it using a simple tool like notepad or a web browser. If you have to manage a lot of licenses and a lot of time goes by, you can check the license scope more easily by simply viewing the file. Even the customer can read you the most important points of his license over the phone.
  2. If a single application installation can have many licenses assigned to it (per user, per function, etc), it is easier to manage a list of xml files, than to dynamically load assemblies.
  3. It is easier to create a tool for client-side license creation -> the application would submit an unsigned xml file for signing.
  4. It's easier for versioning. If a new version of your software has new licensing options, and the old license should work with the upgraded version, depending of your implementation of the singed licensing assembly, you can break the old software.

If you don't have any of these specific needs, go with the assembly-as-a-license option, as it's simpler to implement.

Update

Looking at other answers that popped up after mine - a perfect protection for software running on a local computer does not exist and will likely not exist for a very long time. Don't spend too much time on protecting your software, because if anyone really, really wants to use it for free, he will find a way to do so. Give the users more reasons to use your application and simplify the buying experience.

Going with signing the license in a dll or an external xml file is good enough.

Comments