What can i do to prevent anyone from using my DLLs ?

[damon88]

Scenario:
You developing a application named "DemoSoft" which is going to be a shareware or Premium, you use different DLL's in this project and some DLL's are owned by you, they are very useful and valuable, you are selling this software and are charging the customer for what the software does but since this software uses one of your Valuable DLL, actually few functions from it you have to deploy it and cannot additionally charge for the whole dll. since that would be unwize.

Now i want to ask what can you do so that This DLL in "DemoSoft" cannot be exploited, meaning end user could use my software but if some thief tries to use my supplied DLL in one of his own app he is unable to do it, in simple terms DLL should work only and only with DemoSoft.

Is this possible ?

Or you simply have to give that dll away hoping its not exploited without ur knowledge.

 

[picoflop]

Is this possible ?

In general: probably yes.

But usually it requires either a lot of work or money (for a protection solution) or in most cases: both.

You need to "protect" the DLL somehow and any calls from the outside need to be validated against a "key" that determines that YOUR software is calling and not anybody's else.

In most cases it's not worth the hassle I guess.
And if you do some kind of "activation" ... do I need to say "Appforge"?

 

[damon88]

well i heard about Security namespace in .net which implements many classes to ensure the protection of ur code and what it can and what it cant do, And after writing this forum thread i stumbled on a article where i think i did find something, but its not very clear at the moment.

Understanding .NET Code Access Security - CodeProject

here is one point from the functions of code access security

Demand
*Enables code to demand that its callers possess a digital signature, thus allowing only callers from a particular organization or site to call the protected code.

I think its similar to protection you said picoflop i will be needing some key etc, i think that is what this method should do. But i dont have working eg yet

I hope someone helps me a little bit more here . ... . . .

 

[picoflop]

Code Access Security of .Net will not do, what you need. This is stuff to "protect" a user PC from malicious code. Not protecting code from peeping eyes.

Code Access means:
what (functions, etc) can this piece of code access
and not:
who can access the code

 

[damon88]

Specifically if the caller is checked for a digital signature and in our case if this caller is our peeper then it does the trick doesnt it ? If not then can you explain if you have some of your precious time ?

 

[JohnH]

Similar discussion: Protect C# DLL from third party - Stack Overflow

Using some identity permission sounded ideal, but it has no effect for full-trust assemblies.

One option is to hide the classes by declaring them Friend, then apply InternalsVisibleToAttribute Class (System.Runtime.CompilerServices) to allow your own specific assemblies to see them as if they were Public. It will not prevent reflection access though.

Another could be to AppDomain.CurrentDomain.SetData from the allowed consumer apps, and from strategic class constructors/methods in class library check with GetData and throw an exception if the correct 'password' is not set.

Obfuscating the assemblies would be natural.

Online deployment and services is also getting more common, where assemblies are not distributed to clients. Research the topics ClickOnce, Remoting, and Web/Wcf Services for example.