Open topic with navigation
Validating time-limited licenses is simple in principle. To do this you can simply check to make sure the system's current date (DateTime.UtcNow.Date) is not past the license file's EffectiveEndDate. However, the tricky part is checking to make sure your application can trust the licensed system is reporting a reasonably accurate date. PLUSManaged offers a variety of ways to validate the system's date, and it is up to you to pick and chose the methods most appropriate and reliable for your application based upon its needs and the expectations of the environments in which the application will run. If your licensing requirements never impose any time limits, then you may not need to worry about validating the licensed system's clock (although it would still be good to read through and understand the subject for future reference).
Local validations are validations or checks your application can perform to prevent system clock tampering. PLUSManaged offers a number of pieces of information and validation objects that you can use.
Regardless of whether or not .NET is being used, your application will ultimately end up making calls to Windows API functions to get the system's date and time. There are some tools available (such as "Time Stopper" or "RunAsDate"), which essentially take the place of these Windows API functions in your application (via function hooking) and send an altered date to your application. Unfortunately, this type of hack is very impractical to prevent without being very invasive. However, the good news is that detecting this type of hack is generally very easy, as these types of tools generally result in the underlying APIs always returning the same time. PLUSManaged makes this very easy to detect and react to by adding code that uses the SystemClockValidation to your license implementation's Validate method as shown in the example below.
There are several properties inherited in your license implementation class that you can evaluate to prevent system clock tampering. These properties include:
When using a time-limited license, PLUSManaged includes a LicenseEffectiveDateValidation class that your application can leverage to validate the EffectiveStartDate, EffectiveEndDate, and SignatureDate properties. The example below shows how your application can validate these dates (and this code excerpt assumes it is in a method in your license implementation class, as the keyword this/Me represents a License object).
When using a writable license (regardless of whether or not it is time-limited), it is always best to validate the LastUpdated property on the license file and aliases to ensure a backup of the license file has not been restored, and that the system clock has not been back-dated. To help simplify the process of validating the aliases, PLUSManaged includes a LicenseAliasValidation that your application may use when validating the license and/or its aliases. An example of how to use this class in your license validation class is illustrated below.
When possible, using an Internet source to validate a system's clock is a good way to determine whether or not the system clock is reporting a reasonably accurate time.
When your application submits requests to SOLO Server's web services (including XmlActivationService, XmlLicenseFileService, and XmlNetworkFloatingService), SOLO Server checks the requesting system's date and time. Instant SOLO Server is configured to require the requesting system's date and time to be within 24 hours of the server's date and time. If you have configured SOLO Server or use an Instant SOLO Server Dedicated URL, you have the option contact us to obtain additional information on adjusting this requirement. Whenever the requesting system is outside of SOLO Server's requirement, the web service response will reflect an error with a result code of 5022.
Network Time Protocol (NTP) is the protocol used by the vast majority of computers to synchronize the system clock with an Internet time server. Although there is some benefit of validating time against an additional external source, using NTP has several disadvantages and challenges, including:
If you opt to use NTP validation, it can be implemented very easily with PLUSManaged by adding a call to AddTimeServerCheck in your license implementation's constructor, and then calling the CheckTimeAgainstServers method in your license implementation's Validate method.
SOLO Server's Payment Plans allow you to offer subscription licenses, maintenance and support subscriptions, payment over multiple installments, and more. Learn more about how to configure SOLO Server for Payment Plans.