Roy Osherove

View Original

Review: CryptoLicensing for .NET

I was recently asked to review a licensing solution – CryptoLicensing for .NET(disclosure – I was paid for my time , the time it took to review it, but had only committed to doing a fair and balanced review). After reading Oren’s post a while ago about how he couldn’t find a decent licensing solution to the point of making his own, I was sure that this one will fall out as well over some technicality.

Typemock also has a home-grown solution for licensing, and while searching the web about a year ago I was hard pressed to find a decent licensing component for .NET that didn’t suck in terms of usability or features.

So, all the signs pointed to the possibility that this would be yet another one of those licensing schemes that are just not good enough, but I was wrong.

It took me less than an hour to feel pretty comfortable with the CryptoLicensing API, and the feature set it contains is pretty powerful, packaged in a very simple API. It does have some small flaws, but they are shadowed by the very big value it provides.

As one discovers pretty quickly when doing their own homegrown licensing solution, a licensing scheme has at least two main parts: THE API you use from within your software, and the Serial Generator (KeyGen) software. Often, the keygen will also have an API that can be used programmatically so that you can then generate licenses on the fly automatically per an automated request (say CRM).

I was happy to discover that CryptoLicensing supports all that out of the box and so much more. but let’s start at the beginning:

The API:

The API is very simple to use. There is only one class you use in your project: CryptoLicense. This class allows you to load a license from the local machine, or save one either to the registry or to the file system. the API can be used in two ways:

the simple way is just to check a status property on the CryptoLicense class one you have tried to “load” it. If it’s anything but Status.Valid then you need to put in a serial number.

The class can then be invoked to show a “Enter Serial” dialog that is built in, which will tell the user what are the current license terms or how much time they have left on the current license. The dialog is fully customizable – it comes with full source code so you can make it your own very simply.

here’s how the eval dialog looks:

image

I do wish that there was a way to set some of the strings in the dialog programmatically, instead of having to create your own version of the dialog, but the guys at SSWare, the maker of this tool assure me this feature is coming in future versions.

Once the dialog is gone you get back a yes\no answer. if it’s a no, the license is still not valid and you can choose to end your program right there. If it’s “yes” you can save the new license details the user entered and continue operations. it’s very simple to use.

The advanced way:

One of the features that many licensing schemes require is the ability to have different features of the software enabled or disabled based on the current license. I was happy to see that this open is built into the CryptoLIcensing API and keygen.

The API has a “IsFeatureEnabled(featureEnum)” function. there are thirty something features available in the enum. more than enough for most if not all licensing schemes. The great thing is that the license code you generate contains all the data you need to determine what feature is enabled. So, once you initialize the CryptoLicense class, you just ask whether feature in enum12 is enabled (enum12 could be mapped to some feature in your application. If that’s true, you allow that feature to run. or you don’t if it’s not. Pretty cool and powerful.

Here’s how the keygen looks (features related part is highlighted)

image

You’ll also note about the keygen that you can set many options for evaluation. and i mean many:

image

Pretty powerful. All of these features will be encapsulated int he Status property of the CryptoLicense API. If the status is not valid, you have special enaus that explain which of these statuses is true.

 

Floating licenses and license server

another powerful feature set enables you to set floating licenses in a company:

image

or lock a serial to a specific machine. The software comes with the source for a simple enough ASP.NET web serivce that ca nbe run on IIs. you install this on a machine that will be declared as your license server, and that server can “activate” software licenses based either on a serial that was provided or the amount of already active licenses for that company. tha tmeans that if you are the issuer of the software, you can have your own license server, but large companies who request floating licenses can have a customized version of the license server running on the local customer server for that specific company.

 

Licenses vs. serials

CryptoLicensing has two notions of keys. a “License” is a longer string that can be used to “activate” a customer’s software without needing outside activation. A “Serial” is issued but cannot be verified without contacting a license server. This is not clear by default in the keygen and I am told they will be making it easier to understand both in the docs and in the keygen window:

image

even now I still get a little confused what each one of those four means. I wish the UI was simpler to use.

embedded license information

One powerful feature is that you can “embed” into a license all the user and company information you need:

image

all this info can be gotten at runtime only from the license key, and allows a very simple way of mapping licenses to customers in your CRM system for example.

Summary

There are many more features that I have not covered(tried). for example, it supports licensing of .NET controls. Since I don’t do custom controls I don’t know how useful that feature is.

I’ve also looked at the obfuscated source of the cryptolicensing package and it looks pretty good. The software itself doest not offer obfuscation abilities and I like that. Focus on one thing and do it well. I’ll obfuscate using other tools, thank you.

overall I’ve found CryptoLicensing for .NET to be a very powerful and easy to use product. I think it’s the only one that I’d feel comfortable to use in a real project for now. The UI has some quirks. the only thing I’m really missing from this is the ability to disallow the same license across the network without needing to install a license server (Resharper has this ability). If that were possible this would be absolutely marvelous. I asked and was told it is coming soon to a version near you.