Where to store application expiration date in a trial app

You could always encrypt it and store it in the config file. That will
ensure that the user can't change it or delete it. Just make sure that the
production version also requires an entry so it can't just be deleted.

--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Hello,

I would like to store application expiration date in a file and store that
file in a secure place, so the application can access the file for all the
users on that computer.

IsolatedStorage is a good technique but it is for the each user only and is
not machine level. Registry is not good because the user may not have access
permission. Application directory is not good because the file could be
deleted and so the application trial mode does not work. So what directory
is good or does windows has an API to store a file or data?

--
Mike

Application Config File? That is an xml file. The user could uninstall the
application, remove the file and then install the app.
--
Mike
"Jeffrey Hornby" wrote:

You could always encrypt it and store it in the config file. That will
ensure that the user can't change it or delete it. Just make sure that the
production version also requires an entry so it can't just be deleted.

--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Hello,

I would like to store application expiration date in a file and store that
file in a secure place, so the application can access the file for all the
users on that computer.

IsolatedStorage is a good technique but it is for the each user only and is
not machine level. Registry is not good because the user may not have access
permission. Application directory is not good because the file could be
deleted and so the application trial mode does not work. So what directory
is good or does windows has an API to store a file or data?

--
Mike

But since your production code needs the application configuration file to be
there with a particular entry that can only be added to the file by your code
(because its encrypted using a key that only you know). If they just delete
the app.config, then this entry also gets deleted.
--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Application Config File? That is an xml file. The user could uninstall the
application, remove the file and then install the app.
--
Mike
"Jeffrey Hornby" wrote:

You could always encrypt it and store it in the config file. That will
ensure that the user can't change it or delete it. Just make sure that the
production version also requires an entry so it can't just be deleted.

--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Hello,

I would like to store application expiration date in a file and store that
file in a secure place, so the application can access the file for all the
users on that computer.

IsolatedStorage is a good technique but it is for the each user only and is
not machine level. Registry is not good because the user may not have access
permission. Application directory is not good because the file could be
deleted and so the application trial mode does not work. So what directory
is good or does windows has an API to store a file or data?

--
Mike

Hello,

Thanks for help.

It sounds interesting, but could you elaborate more on this issues? What is
the Entry? How to write this entry in the app.config file? I thought
app.config is readonly.
--
Mike
"Jeffrey Hornby" wrote:

But since your production code needs the application configuration file to be
there with a particular entry that can only be added to the file by your code
(because its encrypted using a key that only you know). If they just delete
the app.config, then this entry also gets deleted.
--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Application Config File? That is an xml file. The user could uninstall the
application, remove the file and then install the app.
--
Mike
"Jeffrey Hornby" wrote:

You could always encrypt it and store it in the config file. That will
ensure that the user can't change it or delete it. Just make sure that the
production version also requires an entry so it can't just be deleted.

--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

> Hello,
>
> I would like to store application expiration date in a file and store that
> file in a secure place, so the application can access the file for all the
> users on that computer.
>
> IsolatedStorage is a good technique but it is for the each user only and is
> not machine level. Registry is not good because the user may not have access
> permission. Application directory is not good because the file could be
> deleted and so the application trial mode does not work. So what directory
> is good or does windows has an API to store a file or data?
>
> --
> Mike

So create a custom config file. It doesn't even have to be a proper config
file, it could jsut be a smal text file. The point is it has to be there for
your application to run at all.

If the contents are a date then you check if the date is in the past or in
the future. If it's in the past you tell them to register and stop them from
goign any further.

If the contents are something other than a date, you check that its whatever
you encrypt for a production install. If it is then you let them continue.
If its not then they've messed with the file somehow and you make them
re-register or re-install or whatever it is they have to do to prove that
they have a production copy.

The reason you encrypt it is to make sure that they don't just go in and
change the date manually.

You might also want to encrypt some machine specific information into the
file like the MAC address to ensure that these files can't be carried from
one machine to another.
--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Hello,

Thanks for help.

It sounds interesting, but could you elaborate more on this issues? What is
the Entry? How to write this entry in the app.config file? I thought
app.config is readonly.
--
Mike
"Jeffrey Hornby" wrote:

But since your production code needs the application configuration file to be
there with a particular entry that can only be added to the file by your code
(because its encrypted using a key that only you know). If they just delete
the app.config, then this entry also gets deleted.
--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Application Config File? That is an xml file. The user could uninstall the
application, remove the file and then install the app.
--
Mike
"Jeffrey Hornby" wrote:

> You could always encrypt it and store it in the config file. That will
> ensure that the user can't change it or delete it. Just make sure that the
> production version also requires an entry so it can't just be deleted.
>
> --
> Jeffrey Hornby
> Hornby Consulting, Inc.
>
>
>
> "Mike9900" wrote:
>
> > Hello,
> >
> > I would like to store application expiration date in a file and store that
> > file in a secure place, so the application can access the file for all the
> > users on that computer.
> >
> > IsolatedStorage is a good technique but it is for the each user only and is
> > not machine level. Registry is not good because the user may not have access
> > permission. Application directory is not good because the file could be
> > deleted and so the application trial mode does not work. So what directory
> > is good or does windows has an API to store a file or data?
> >
> > --
> > Mike

I'd encrypt it and store it directly in the assembly, say in the
assemblyconfiguration attribute.
Peter

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Mike9900" wrote:

Hello,

I would like to store application expiration date in a file and store that
file in a secure place, so the application can access the file for all the
users on that computer.

IsolatedStorage is a good technique but it is for the each user only and is
not machine level. Registry is not good because the user may not have access
permission. Application directory is not good because the file could be
deleted and so the application trial mode does not work. So what directory
is good or does windows has an API to store a file or data?

--
Mike

Thanks for the help.

It is hard to understand your point, I am sorry.

I wanted the application to run for 30 days, for example in trial, and then
expire. But your suggestion is hard to know how to do this.

--
Mike
"Jeffrey Hornby" wrote:

So create a custom config file. It doesn't even have to be a proper config
file, it could jsut be a smal text file. The point is it has to be there for
your application to run at all.

If the contents are a date then you check if the date is in the past or in
the future. If it's in the past you tell them to register and stop them from
goign any further.

If the contents are something other than a date, you check that its whatever
you encrypt for a production install. If it is then you let them continue.
If its not then they've messed with the file somehow and you make them
re-register or re-install or whatever it is they have to do to prove that
they have a production copy.

The reason you encrypt it is to make sure that they don't just go in and
change the date manually.

You might also want to encrypt some machine specific information into the
file like the MAC address to ensure that these files can't be carried from
one machine to another.
--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

Hello,

Thanks for help.

It sounds interesting, but could you elaborate more on this issues? What is
the Entry? How to write this entry in the app.config file? I thought
app.config is readonly.
--
Mike
"Jeffrey Hornby" wrote:

But since your production code needs the application configuration file to be
there with a particular entry that can only be added to the file by your code
(because its encrypted using a key that only you know). If they just delete
the app.config, then this entry also gets deleted.
--
Jeffrey Hornby
Hornby Consulting, Inc.

"Mike9900" wrote:

> Application Config File? That is an xml file. The user could uninstall the
> application, remove the file and then install the app.
> --
> Mike
>
>
> "Jeffrey Hornby" wrote:
>
> > You could always encrypt it and store it in the config file. That will
> > ensure that the user can't change it or delete it. Just make sure that the
> > production version also requires an entry so it can't just be deleted.
> >
> > --
> > Jeffrey Hornby
> > Hornby Consulting, Inc.
> >
> >
> >
> > "Mike9900" wrote:
> >
> > > Hello,
> > >
> > > I would like to store application expiration date in a file and store that
> > > file in a secure place, so the application can access the file for all the
> > > users on that computer.
> > >
> > > IsolatedStorage is a good technique but it is for the each user only and is
> > > not machine level. Registry is not good because the user may not have access
> > > permission. Application directory is not good because the file could be
> > > deleted and so the application trial mode does not work. So what directory
> > > is good or does windows has an API to store a file or data?
> > >
> > > --
> > > Mike

Mike,
here is a "greatly simplified" example of how you could do this. Be aware,
this is NOT SECURE from decompilation!:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Reflection ;

[assembly: AssemblyConfiguration("06/10/2006")]
[assembly: AssemblyVersion("1.0.0.0")]
namespace AssemblyConfigurationTest
{
public class WebForm1 : System.Web.UI.Page
{
DateTime ExpirationDate;

private void Page_Load(object sender, System.EventArgs e)
{
Assembly asm = Assembly.GetExecutingAssembly();
int asmHash = asm.FullName.GetHashCode();
object[] objArray=asm.GetCustomAttributes(false) ;
int hash ;
foreach (object obj in objArray)
{
AssemblyConfigurationAttribute conf =
obj as AssemblyConfigurationAttribute;
if (conf != null)
{
hash = conf.Configuration.GetHashCode();
if(hash !=-579392602 || asmHash!=-258347722)
throw new InvalidOperationException("Assembly Has been Altered! Bad,
Bad!");
this.ExpirationDate=Convert.ToDateTime(conf.Config uration) ;
}
}
Response.Write("This Trial Version Expires: "
+this.ExpirationDate.ToString());
}

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Mike9900" wrote:

Hello,

I would like to store application expiration date in a file and store that
file in a secure place, so the application can access the file for all the
users on that computer.

IsolatedStorage is a good technique but it is for the each user only and is
not machine level. Registry is not good because the user may not have access
permission. Application directory is not good because the file could be
deleted and so the application trial mode does not work. So what directory
is good or does windows has an API to store a file or data?

--
Mike

I wanted a secure place such as registry to store the date/time expiration of
the software. For example, if the software expires in 30 days, each day the
user starts the program it increments the date and stores that date in a
file, it may encrypt it as well. So where is the most secure place to store
that file, also the user must have access right to that place.

Is there a better way for licensing software, or is there a good component I
can buy?
--
Mike
"Peter Bromberg [C# MVP]" wrote:

Mike,
here is a "greatly simplified" example of how you could do this. Be aware,
this is NOT SECURE from decompilation!:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Reflection ;

[assembly: AssemblyConfiguration("06/10/2006")]
[assembly: AssemblyVersion("1.0.0.0")]
namespace AssemblyConfigurationTest
{
public class WebForm1 : System.Web.UI.Page
{
DateTime ExpirationDate;

private void Page_Load(object sender, System.EventArgs e)
{
Assembly asm = Assembly.GetExecutingAssembly();
int asmHash = asm.FullName.GetHashCode();
object[] objArray=asm.GetCustomAttributes(false) ;
int hash ;
foreach (object obj in objArray)
{
AssemblyConfigurationAttribute conf =
obj as AssemblyConfigurationAttribute;
if (conf != null)
{
hash = conf.Configuration.GetHashCode();
if(hash !=-579392602 || asmHash!=-258347722)
throw new InvalidOperationException("Assembly Has been Altered! Bad,
Bad!");
this.ExpirationDate=Convert.ToDateTime(conf.Config uration) ;
}
}
Response.Write("This Trial Version Expires: "
+this.ExpirationDate.ToString());
}

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Mike9900" wrote:

Hello,

I would like to store application expiration date in a file and store that
file in a secure place, so the application can access the file for all the
users on that computer.

IsolatedStorage is a good technique but it is for the each user only and is
not machine level. Registry is not good because the user may not have access
permission. Application directory is not good because the file could be
deleted and so the application trial mode does not work. So what directory
is good or does windows has an API to store a file or data?

--
Mike

You say "Such as the Registry" making the assumption that it is a "secure
place". It is not. Anybody can use Regedit to search and modify the registry
on their own machine. Isolated storage would probably be a potential choice.
You have methods in .NET framework to access this. DPAPI is another choice,
including encryption.

If you are looking for a commercial solution, there are a number of them
available. I'd start my search at some place like ComponentSource.com.

Peter
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Mike9900" wrote:

I wanted a secure place such as registry to store the date/time expiration of
the software. For example, if the software expires in 30 days, each day the
user starts the program it increments the date and stores that date in a
file, it may encrypt it as well. So where is the most secure place to store
that file, also the user must have access right to that place.

Is there a better way for licensing software, or is there a good component I
can buy?
--
Mike
"Peter Bromberg [C# MVP]" wrote:

Mike,
here is a "greatly simplified" example of how you could do this. Be aware,
this is NOT SECURE from decompilation!:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Reflection ;

[assembly: AssemblyConfiguration("06/10/2006")]
[assembly: AssemblyVersion("1.0.0.0")]
namespace AssemblyConfigurationTest
{
public class WebForm1 : System.Web.UI.Page
{
DateTime ExpirationDate;

private void Page_Load(object sender, System.EventArgs e)
{
Assembly asm = Assembly.GetExecutingAssembly();
int asmHash = asm.FullName.GetHashCode();
object[] objArray=asm.GetCustomAttributes(false) ;
int hash ;
foreach (object obj in objArray)
{
AssemblyConfigurationAttribute conf =
obj as AssemblyConfigurationAttribute;
if (conf != null)
{
hash = conf.Configuration.GetHashCode();
if(hash !=-579392602 || asmHash!=-258347722)
throw new InvalidOperationException("Assembly Has been Altered! Bad,
Bad!");
this.ExpirationDate=Convert.ToDateTime(conf.Config uration) ;
}
}
Response.Write("This Trial Version Expires: "
+this.ExpirationDate.ToString());
}

--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Mike9900" wrote:

Hello,

I would like to store application expiration date in a file and store that
file in a secure place, so the application can access the file for all the
users on that computer.

IsolatedStorage is a good technique but it is for the each user only and is
not machine level. Registry is not good because the user may not have access
permission. Application directory is not good because the file could be
deleted and so the application trial mode does not work. So what directory
is good or does windows has an API to store a file or data?

--
Mike