c# - WCF Security License Scenario -

-

we trying build best security scenario our case.

one company can install our software in multiple computers. 1 company can buy multiple licenses can shared between employees. every time 1 employee wants use our software, he/she able see popup screen licenses company has bought shown. then, if license being used, employee able see using it.

  1. no password has entered in order see company licenses. there need distinguish licenses company has bought.

  2. when user wants use license (use application), have enter own password.

the connection between wpf application , server done using wcf service. there must kind of token check if connection server still possible every 5 minutes otherwise application close.

what have thought here deploy 1 certificate every company. whenever company authenticated using certificate, able show company licenses whenever application launched.

then, when user wants open application, select 1 license, , password box prompted. authentication done using sqlmembershipprovider.

would possible implemented? please tell thought it.

you haven't told server hosted - on-premise or central location. , needed unnamed licenses track concurrent users (or concurrent sessions i.e. same user may use application multiple computers). outline of have done on-premise server:

  • for every company, create license file. simple xml file containing data such number of licenses, expiry date, company identifier (& other information). important thing encrypt contents using private key. should store hash check against tampering
  • the license file given each company place on server @ configured location. license delivery can manual (email/web download) or automated (provide registration key download license)
  • server code read license using public key , apply licensing rules.
  • for centrally hosted server, outline similar license store in control , such there no need encrypt data. however, important issue each company identifier token (say digital certificate) can track license against correct company.

user authentication such unrelated , can use authentication scheme want. whenever user authenticated (say using user-name/password), license marked consumed. central server (hosted services) model, can use user authentication authenticate company (w/o issuing separate digital certificate them).


Comments

Post a Comment

Popular posts from this blog

linux - Mailx and Gmail nss config dir -

-
i trying send mail linux command line using mailx command. can send local domain no problem want set mail send gmail account receive mail sent gmail account. after configuring mail.rc so: account gmail { set smtp=smtps://smtp.gmail.com:587 set smtp-auth=login set smtp-auth-user=username@gmail.com set smtp-auth-password=password set ssl-verify=ignore } i error: resolving host smtp.gmail.com . . . done. connecting 74.125.25.109 . . . connected. missing "nss-config-dir" variable. "/home/username/dead.letter" 11/354 . . . message not sent. after looking "nss-config-dir" here , located certn.db , keyn.db files , added mail.rc so: account gmail { set smtp=smtps://smtp.gmail.com:587 set smtp-auth=login set smtp-auth-user=username@gmail.com set smtp-auth-password=password set ssl-verify=ignore set nss-config-dir=/home/user/.mozilla/firefox/location.default } now when try send mail using command: echo "sent gmail account" | mailx -v -a
Read more

c# - Is it possible to remove an existing registration from Autofac container builder? -

-
something along lines: builder.registertype<mytype>().as<itype>(); builder.registertype<mytype2>().as<itype>(); builder.deregistertype<mytype>().as<itype>() var container = builder.build(); var types = container.resolve<ienumerable<itype>>(); assert.istrue(types.count == 1); assert.istrue(types[0].gettype == typeof(mytype2)); scenario: go through bunch of assemblies , go register types want make sure have 1 implementation of given type. need before create container. track on own nice if autofac me bit. this cannot done directly using containerbuilder , unless start on new one. mind you, having first built container should able construct new container filtering away unwanted types , reusing registrations first container. this: ... var container = builder.build(); builder = new containerbuilder(); var components = container.componentregistry.registrations .where(cr => cr.activator.limittype != typ
Read more

php - Mysql PK and FK char(36) vs int(10) -

-
i have read mysql can handle indexes , searches better if tables keys integers rather char(36) uuid's. is worth converting int(10)? note: use 1 server , have have plans use multiple databases concurrently therefore removing 1 of big reasons using uuid. our tables innodb if makes difference. thanks in advance. usually rdbms can handle integer keys pk more efficient, other datatypes. reason how build index column, yes: long dont require string (or other typed) keys, should use integers. however: char(36) , int(10) far away being equal, because int(10) much smaller, char(36). dont know, if require many different keys, should keep in mind. update, complete last paragraph: int(10) 32-bit, char(36) 36 - ^byte^ (= 288-bit). not mean, int consumes less space, means, char(36) has 4 times more different keys.
Read more