License protection of the ASP.NET application is quite similar to the process for desktop .NET applications if ASP.NET application is used in the Full Trust environment. In this section we suppose that your application will be executed in the Full Trust environment. If you are suppose to use your product in Medium Trust environment then we suggest you to take a look to another document: “Protect ASP.NET application with Unlock Key licensing schema in Medium Trust environment”.
We will show how the “Unlock Key with Activation” licensing schema can be used for ASP.NET application in the Full Trust environment. We also will show how the User Data encrypted to the Unlock Key can be used to limit number of the concurrent sessions. We suppose that you have read “Quick Start” and “Using of the online product activation” sections in our documentation, because this document describes differences for this approach. You can download “Protect Web-based (ASP.NET) application using ‘Unlock Key with Activation’ licensing schema” sample ASP.NET application from our site at the http://www.mancosoftware.com/licensing/download.htm in section “Samples”.
First of all you have to create your web product as regular ASP.NET application (not as a plain web-site). It means that code-behind of your application should be compiled to the regular .NET assembly.
License protection code could throw some exceptions when create license object (for example, when license file is not found). We should have an ability to log this exceptions somehow to be able understand and solve licensing problems. You can use different approaches for error handling, for example, some kind of the log file. In this tutorial we will use Event Log to write information about licensing exceptions.
The ASPNET (or NetworkService for applications that run on Internet Information Services [IIS] 6.0 and high) user account is very limited in access rights, so we can’t create Event Log Source from our ASP.NET application. To avoid this problem we added small Windows Forms project to our solution which can be used to create Event Log Source. To do it open our sample solution in Visual Studio and rebuild RegisterEventLogSource project:
Then in the Windows Explorer go to the bin\Debug folder of this project. Right click the RegisterEventLogSource.exe and select “Run as Administrator”.
When application form appears click the “Create Event Log” button. This way new Event Log Source will be registered and we could use it from the ASP.NET application.
Very often ASPNET user account (default account for ASP.NET applications) has no access to the Windows Registry. We recommend you to use “Isolated Storage” as protected storage for ASP.NET products:
We suppose store number of the concurrent sessions allowed in the “Unlock Key” as user data. You should change Unlock Key format to allow it. Include format character U with max length of the user data (3, for example) to the format string. Correspondent format qualifier will looks like following: {U3}. You can put it at any place in the format string:
If protected class already exists in your application then you must regenerate “ILicenseKeyProvider” code and replace it. If it is not then you have to create license protected class in your application. Take a look to the “MyAppLicense” class in our sample application. It demonstrates how this class can looks like. The main difference with desktop applications is that you should assign HttpServerUtility object to the “HttpServer” property of the license object. It is used to perform specific web-based validations. The code of the protected class constructor can looks like the following:
[C#] [Visual Basic]We recommend you to have only one static (Shared in VB) instance of the license protected class in your application. It will decrease time necessary to load and validate license. It is reasonable to have this instance in the Global class (Global.asax.cs or Global.asax.vb) and create protected object when ASP.NET application starts (in the “Application_Start” method). The application start code in the Global class can looks like the following:
[C#] [Visual Basic]Now you should add code that will count number of the concurrent sessions and compare it with value stored in the Unlock Key. Add new property to your protected class that will read user data encrypted to the Unlock Key and convert it to the integer value:
[C#] [Visual Basic]Note: pay attention, that “UserData” property of the license object contains data in case of the successful Unlock Key verification only. So the “NumberOfSessionsAllowed” property can be used after license validation only.
The best (and looks like single) place where you can count number of sessions started is session started event handler in the Global class. Don’t forget decrease number of session started in the session end event handler:
[C#] [Visual Basic]Now you should create license type that uses “Unlock Key with Activation” licensing schema and allows entering of the customer specific User Data. This license type can look like following:
Then you should create evaluation license file using this license type. Evaluation license file shouldn’t contain any Unlock Key, Activation Key or User Data. Correspondent sale record could looks like the following:
Pay attention that both: “Unlock Key”, “Activation Key” and “User Data” fields are empty, “Write Key To File” checkbox is checked.
When customer buys your software you create new purchase under this license type, enter number of the concurrent sessions allowed to the “User Data” field, and generate Unlock Key.
Pay attention that number “5” has been entered in the “User Data” field to specify number of the concurrent sessions allowed. User data MUST be specified BEFORE Unlock Key will be generated.