Protect ASP.NET application using "Unlock Key with Activation" licensing schema
Sample written in C#
Sample written in Visual Basic .NET

License protection of the ASP.NET application is quite similar to the process for desktop .NET applications if ASP.NET application is used in the Full Trust environment. In this section we suppose that your application will be executed in the Full Trust environment. If you are suppose to use your product in Medium Trust environment then we suggest you to take a look to another document: “Protect ASP.NET application with Unlock Key licensing schema in Medium Trust environment”.

We will show how the “Unlock Key with Activation” licensing schema can be used for ASP.NET application in the Full Trust environment. We also will show how the User Data encrypted to the Unlock Key can be used to limit number of the concurrent sessions. We suppose that you have read “Quick Start” and “Using of the online product activation” sections in our documentation, because this document describes differences for this approach. You can download “Protect Web-based (ASP.NET) application using ‘Unlock Key with Activation’ licensing schema” sample ASP.NET application from our site at the http://www.mancosoftware.com/licensing/download.htm in section “Samples”.

First of all you have to create your web product as regular ASP.NET application (not as a plain web-site). It means that code-behind of your application should be compiled to the regular .NET assembly.

License protection code could throw some exceptions when create license object (for example, when license file is not found). We should have an ability to log this exceptions somehow to be able understand and solve licensing problems. You can use different approaches for error handling, for example, some kind of the log file. In this tutorial we will use Event Log to write information about licensing exceptions.

The user account which runs ASP.NET applications (ASPNET, NetworkService, or application pool user depends on the version of the Internet Information Services [IIS]) is very limited in access rights, so we can’t create Event Log Source from our ASP.NET application. To avoid this problem we added small Windows Forms project to our solution which can be used to create Event Log Source. To do it:

Visual Studio - Register Event Log Source project

Then in the Windows Explorer go to the bin\Debug folder of this project. Right click the RegisterEventLogSource.exe and select “Run as Administrator”.

Register Event Log application

When application form appears click the “Create Event Log” button. This way new Event Log Source will be registered and we could use it from the ASP.NET application.

Very often default account for ASP.NET applications (ASPNET, NetworkService, or application pool user depends on the version of the Internet Information Services [IIS]) has no access to the Windows Registry. We recommend you to use “Isolated Storage” as protected storage for ASP.NET products:

License Manager - Version node for ASP.NET application

We suppose store number of the concurrent sessions allowed in the “Unlock Key” as user data. You should change Unlock Key format to allow it. Include format character U with max length of the user data (3, for example) to the format string. Correspondent format qualifier will looks like following: {U3}. You can put it at any place in the format string:

License Manager - Unlock Key format with User Data

If protected class already exists in your application then you must regenerate “ILicenseKeyProvider” code and replace it. If it is not then you have to create license protected class in your application. Take a look to the “MyAppLicense” class in our sample application. It demonstrates how this class can looks like.

[C#] [Visual Basic]

We recommend you to have only one static (Shared in VB) instance of the license protected class in your application. It will decrease time necessary to load and validate license. It is reasonable to have this instance in the Global class (Global.asax.cs or Global.asax.vb) and create protected object when ASP.NET application starts (in the “Application_Start” method). The application start code in the Global class can looks like the following:

[C#] [Visual Basic]

Now you should add code that will count number of the concurrent sessions and compare it with value stored in the Unlock Key. Add new property to your protected class that will read user data encrypted to the Unlock Key and convert it to the integer value:

[C#] [Visual Basic]

Note: pay attention, that “UserData” property of the license object contains data in case of the successful Unlock Key verification only. So the “NumberOfSessionsAllowed” property can be used after license validation only.

The best (and looks like single) place where you can count number of sessions started is session started event handler in the Global class. Don’t forget decrease number of session started in the session end event handler:

[C#] [Visual Basic]

Now you should create license type that uses “Unlock Key with Activation” licensing schema and allows entering of the customer specific User Data. This license type can look like following:

License Manager - License type with user data
  1. Is Evaluation – indicates that license works as evaluation till Activation and Unlock Key will be entered.
  2. Expiration Days – sets number of day till evaluation license expire.
  3. Unlock Key – indicates that unlock key for this product issued by License Manager should be entered to get product fully functional.
  4. Activation Key – indicates that activation key created using PC system info and unlock key (ether in automatic or manual mode) should be entered to get product fully functional. Activation Key bound license to the server hardware.
  5. User Data – indicates that user data should be included to the Unlock Key. This data will contain number of concurrent sessions allowed.
  6. Key To File – indicates that important license information (unlock and activation keys) should be stored in the license protected storage to reuse in future.

Then you should create evaluation license file using this license type. Evaluation license file shouldn’t contain any Unlock Key, Activation Key or User Data. Correspondent sale record could looks like the following:

License Manager - Evaluation sale with user data

Pay attention that both: “Unlock Key”, “Activation Key” and “User Data” fields are empty, “Write Key To File” checkbox is checked.

When customer buys your software you create new purchase under this license type, enter number of the concurrent sessions allowed to the “User Data” field, and generate Unlock Key.

License Manager - Sale window with user data

Pay attention that number “5” has been entered in the “User Data” field to specify number of the concurrent sessions allowed. User data MUST be specified BEFORE Unlock Key will be generated.


Sample written in C#
Sample written in Visual Basic .NET
Manco .NET Licensing System Home Page