PLUSManaged: Validating Time-Limited and Subscription Licenses

Validating time-limited licenses is simple in principle: check that the system's current date (DateTime.UtcNow.Date) is not past the license file's EffectiveEndDate. The tricky part is establishing that your application can trust the licensed system to report a reasonably accurate date. PLUSManaged offers a variety of ways to validate the system's date, and it is up to you to pick and choose the methods most appropriate and reliable for your application, based on its needs and the environments in which it is expected to run. If your licensing requirements never impose any time limits, you may not need to worry about validating the licensed system's clock (although it is still worth reading through the subject for future reference).

Local Validation

Local validations are validations or checks your application can perform to prevent system clock tampering. PLUSManaged offers a number of pieces of information and validation objects that you can use.

API Tampering

Regardless of whether or not .NET is being used, your application ultimately calls Windows API functions to get the system's date and time. Some tools (such as "Time Stopper" or "RunAsDate") take the place of these Windows API functions in your application (via function hooking) and send it an altered date. Unfortunately, this type of hack is impractical to prevent without being very invasive. The good news is that it is generally easy to detect, because these tools generally result in the underlying APIs always returning the same time. PLUSManaged makes this easy to detect and react to: add code that uses SystemClockValidation to your license implementation's Validate method, as shown in the example below.

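C#
    // Fail validation when the time APIs look hooked (for example, always returning the same time).
    SystemClockValidation clockValidation = new SystemClockValidation();
    if (!clockValidation.Validate())
    {
        this.LastError = clockValidation.LastError;
        return false;
    }

VB.NET
    ' Fail validation when the time APIs look hooked (for example, always returning the same time).
    Dim clockValidation As New SystemClockValidation()
    If Not clockValidation.Validate() Then
        Me.LastError = clockValidation.LastError
        Return False
    End If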
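
The principle behind this kind of detection, as an added example that is not PLUSManaged code and does not show how SystemClockValidation is implemented: a time API that always returns the same value shows no wall-clock progress while a monotonic timer keeps counting. The FrozenClockCheck class, its parameters and the pinned date are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Threading;

// Hypothetical helper (not part of PLUSManaged): flags a wall clock that
// does not advance while a monotonic timer does.
public static class FrozenClockCheck
{
    // wallClock is injectable so the check can be exercised against a
    // simulated frozen clock; production code would pass () => DateTime.UtcNow.
    public static bool IsAdvancing(Func<DateTime> wallClock, int sampleMs = 250, int samples = 3)
    {
        for (int i = 0; i < samples; i++)
        {
            DateTime before = wallClock();
            Stopwatch monotonic = Stopwatch.StartNew();
            Thread.Sleep(sampleMs);
            monotonic.Stop();
            TimeSpan wallDelta = wallClock() - before;

            // A legitimate clock adjustment can distort one sample, so a single
            // sample in which the wall clock covered at least half of the
            // elapsed time is enough to accept the clock as running.
            if (wallDelta.TotalMilliseconds >= monotonic.ElapsedMilliseconds / 2.0)
                return true;
        }
        return false; // no sample showed progress: treat as tampering
    }

    public static void Main()
    {
        // Constructed stand-in for a hooked API that always returns one instant.
        DateTime pinned = new DateTime(2020, 1, 1, 0, 0, 0, DateTimeKind.Utc);

        Console.WriteLine("real clock advancing:   " + IsAdvancing(() => DateTime.UtcNow));
        Console.WriteLine("frozen clock advancing: " + IsAdvancing(() => pinned));
    }
}
```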

Evaluating Date Properties

There are several properties inherited in your license implementation class that you can evaluate to prevent system clock tampering. These properties include:

Enforcing Time Limitations

When using a time-limited license, PLUSManaged includes a LicenseEffectiveDateValidation class that your application can leverage to validate the EffectiveStartDate, EffectiveEndDate, and SignatureDate properties. The example below shows how your application can validate these dates. The excerpt assumes it is in a method in your license implementation class, as the keyword this/Me represents a License object.

C#
    // Validates the license's EffectiveStartDate, EffectiveEndDate and SignatureDate.
    LicenseEffectiveDateValidation dateValidation = new LicenseEffectiveDateValidation(this);
    if (!dateValidation.Validate())
    {
        this.LastError = dateValidation.LastError;
        return false;
    }

VB.NET
    ' Validates the license's EffectiveStartDate, EffectiveEndDate and SignatureDate.
    Dim dateValidation As New LicenseEffectiveDateValidation(Me)
    If Not dateValidation.Validate() Then
        Me.LastError = dateValidation.LastError
        Return False
    End If

Alias Validation

When using a writable license (regardless of whether or not it is time-limited), it is always best to validate the LastUpdated property on the license file and aliases to ensure that a backup of the license file has not been restored and that the system clock has not been back-dated. To simplify the process of validating the aliases, PLUSManaged includes a LicenseAliasValidation class that your application may use when validating the license and/or its aliases. An example of how to use this class in your license validation class is shown below.

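C#
    // Checks LastUpdated on the license file and its aliases (restored backup, back-dated clock).
    LicenseAliasValidation aliasValidation = new LicenseAliasValidation(this);
    if (!aliasValidation.Validate())
    {
        this.LastError = aliasValidation.LastError;
        return false;
    }

VB.NET
    ' Checks LastUpdated on the license file and its aliases (restored backup, back-dated clock).
    Dim aliasValidation As New LicenseAliasValidation(Me)
    If Not aliasValidation.Validate() Then
        Me.LastError = aliasValidation.LastError
        Return False
    End If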
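
The two conditions named above (a restored backup and a back-dated clock), expressed as comparisons on LastUpdated values. This is an added example, not PLUSManaged code, and LicenseAliasValidation's actual rules may differ. The type names, the tolerance and the sample dates are assumptions, as is the premise that aliases are rewritten together with the license file.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public enum LastUpdatedResult { Ok, LicenseOlderThanAlias, ClockBackDated }

// Hypothetical helper (not a PLUSManaged type); all timestamps are UTC.
public static class LastUpdatedCheck
{
    public static LastUpdatedResult Validate(DateTime licenseLastUpdated,
        IEnumerable<DateTime> aliasLastUpdated, DateTime nowUtc, TimeSpan tolerance)
    {
        // Assumption: aliases are rewritten together with the license file, so
        // an alias stamped later than the license file means the file was
        // swapped for an older copy (a restored backup).
        if (aliasLastUpdated.Any(a => a > licenseLastUpdated + tolerance))
            return LastUpdatedResult.LicenseOlderThanAlias;

        // The last write cannot have happened in the future: if "now" is
        // earlier than that stamp, the clock was set back after the write.
        if (nowUtc + tolerance < licenseLastUpdated)
            return LastUpdatedResult.ClockBackDated;

        return LastUpdatedResult.Ok;
    }

    public static void Main()
    {
        // Constructed sample values.
        DateTime written = new DateTime(2024, 6, 1, 12, 0, 0, DateTimeKind.Utc);
        DateTime[] aliases = { written, written };
        TimeSpan tolerance = TimeSpan.FromMinutes(5);

        // Normal run one day after the last write.
        Console.WriteLine(Validate(written, aliases, written.AddDays(1), tolerance));
        // License file restored from a backup taken 30 days earlier.
        Console.WriteLine(Validate(written.AddDays(-30), aliases, written.AddDays(1), tolerance));
        // Clock set back 10 days after the last write.
        Console.WriteLine(Validate(written, aliases, written.AddDays(-10), tolerance));
    }
}
```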

Internet Validation

When possible, using an Internet source to validate a system's clock is a good way to determine whether or not the system clock is reporting a reasonably accurate time.

SOLO Server Web Services

When your application submits requests to SOLO Server's web services (including XmlActivationService, XmlLicenseFileService, and XmlNetworkFloatingService), SOLO Server checks the requesting system's date and time. Instant SOLO Server is configured to require the requesting system's date and time to be within 24 hours of the server's date and time. If you have configured SOLO Server or use an Instant SOLO Server Dedicated URL, you have the option to contact us to obtain additional information on adjusting this requirement. Whenever the requesting system is outside of SOLO Server's requirement, the web service response will reflect an error with a result code of 5022.

Network Time Protocol

Network Time Protocol (NTP) is the protocol used by the vast majority of computers to synchronize the system clock with an Internet time server. Although there is some benefit to validating time against an additional external source, using NTP has several disadvantages and challenges, including:

If you opt to use NTP validation, it can be implemented very easily with PLUSManaged by adding a call to AddTimeServerCheck in your license implementation's constructor, and then calling the CheckTimeAgainstServers method in your license implementation's Validate method.

Automatic Recurring Payments

SOLO Server's Payment Plans allow you to offer subscription licenses, maintenance and support subscriptions, payment over multiple installments, and more. Learn more about how to configure SOLO Server for Payment Plans.