Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I protect/obfuscate/etc an ASP.NET MVC app's source code when deployed?

I have had good experiences recently developing with ASP.NET MVC and am considering whether or not to use it for a project coming up at work. One important consideration though: they sell source code licenses separately as a rule, and it's the kind of application we can't realistically tie to our own hosting without cutting off a large chunk of the potential market.

Is it possible to distribute an ASP.NET MVC application without source code? Or is there a fairly effective (obviously won't be foolproof but it's at least not a "steal me" welcome mat) and safe tool or method for obfuscating MVC applications? I tried a couple obfuscators that supposedly work with ASP.NET but they broke the application because of MVC's reliance on specific file/directory names.

like image 996
nathanchere Avatar asked Jan 27 '10 22:01

nathanchere


1 Answers

1) In the situation you describe where you're distributing code to business entities to host on their servers, this is a legal problem rather than a technical one. While you can deter casual attacks and change the economics of serious ones, a determined attacker will not be deterred by even the best obfuscation available to you.

2) Bear in mind that you may inconvenience your genuine customers. Many .NET developers use a decompiler as part of their normal development workflow, and flow obfuscation can have a performance impact.

3) If, having understood that, you still feel that basic keep-your-door-locked protection is worthwhile Crypto Obfuscator can obfuscate ASP.NET MVC.

like image 126
Iain Galloway Avatar answered Sep 29 '22 00:09

Iain Galloway