Menu
This seems like a weird position to be in, but let me ask the question anyway.
I have created some DLLs that do some magical mumbo-jumbo that is needed to display the content for the website I am making right now in ASP.Net. I've got a small team of developers who can help me with this, but I am afraid that they will steal my code (the DLL) and use it in projects when they leave my company. In a software I can probably prove that they are using my DLL to generate the content, but on a server where the DLLs are not available to public I can't.
So in spite of having a team I've been working on this all alone.
My question is. Is there any way you can think of using which I can protect my DLL (which goes into the bin folder) so that my coders can't steal it, or it becomes unusable if stolen.
I just want to protect whatever goes into the bin folder.
779
ASP.NET Core contains features for managing authentication, authorization, data protection, HTTPS enforcement, app secrets, anti-request forgery protection, and CORS management. These security features allow you to build robust yet secure ASP.NET Core apps.
ASP.NET Core security featuresASP.NET Core provides many tools and libraries to secure ASP.NET Core apps such as built-in identity providers and third-party identity services such as Facebook, Twitter, and LinkedIn. ASP.NET Core provides several approaches to store app secrets.
Use PC Guard to protect your VB.NET software with advanced cryptography, anti-cracking, anti-reverse-engineering and software copy protection techniques. If you are developing Microsoft . NET framework applications by using VB.NET programming language you will need PC Guard for . NET (x86/AnyCpu) or/and PC Guard for .
You could have the dll check its environment and fail to work (I suggest you make it give wrong results rather than break) if the environment does not feel like home. You will also have to obfuscate the code to hamper efforts to remove the protection.
Edit: you could use an environment variable, registry key, existence of a performance counter, an obscure setting in machine.config, etc., and make it look like a genuine setting, then obfuscate and sign with a strong name.
156
This may not be appropriate to your situation but you could provide them with a proxy DLL which doesn't perform the calculations but instead calls your DLL.
You then keep your DLL on another server that only you have access to and the proxy DLL calls it via some sort of remoting protocol.
39
That is a weird position to be in... my condolences.
At the .Net level, the best you can do is obfuscate your code when you build it. Strongly signing your assembly will let you know if tampering is going on as well.
Another approach that some people have taken is to write the really sensitive code in C++ and compile it to an unmanaged .dll, and call into it from .net using interop. C++ bytecode is much harder to read than IL, and this throws up a lot more barriers to easy reverse-engineering.
Edit: based on comments from the OP, here is an updated answer.
If you're simply worried about them stealing the DLL that you place in the bin folder on your web server, simply publish it to a subfolder of \bin, lock the folder down using windows permissions, so there is no way they can get into it, and change your web.config to probe it.
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="bin;bin\mysubfolder;" />
</assemblyBinding>
</runtime>
Definitely make sure to strongly name the .dll, and keep your private key file somewhere safe. That makes your .dll uniquely identifiable and tampering can be detected if they do get at it.
24
Related: https://stackoverflow.com/questions/181991/suggest-a-good-obfuscator-for-net-closed.
You might want to obfuscate your code selectively(keep public API's as is)
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
