.NET application per-machine/per-user licensing

Question

I am about to implement a very basic licensing feature for my application. A serial number may be granted per-machine (or per-operating-system) or per-user (as for CAL in Windows Server: if my application is used by several users on one machine or if it is used by one user on several machines).

1. For per-operating-system licensing, I use SerialNumber of Win32_OperatingSystem.

2. For per-user licensing, I use:

   WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
   if (currentIdentity != null)
   {
       SecurityIdentifier userSid = currentIdentity.User.AccountDomainSid;
       Console.WriteLine(userSid);
   }
   

A hash of an obtained OS serial number or SID is then stored in the database, associated with application serial; each time the program starts, it queries the server, sending hash of OS SN/SID and application serial.

Is it a right thing to do it or is it completely wrong? Will it work on every Windows machine? (For example, using motherboard serial is wrong)

Answer 1

I don't see anything wrong with your approach, since I've seen a similar approach being used at work - however we use a combination of OS S/N and hardware IDs for machine licensing. Our apps don't have a per-user licensing, so I can't really advise on that.

Do note that you should not assume that values returned by WMI are in any particular format (Win32_OperatingSystem should be OK, IDs of hardware aren't always OK)

I've encountered bugs where the code accepting hardware IDs assumed a specific format and did not factor in the presence of non-alphanumeric characters such as commas and spaces.