Protect web app with Sentinel HL

Question

1.00/5 (2 votes)

See more:

Hi,
I successfully protect desktop application with Sentinel HL. But when I want to protect my web app (.net mvc), I get HASPDotNetDllBroken status. My code:

C#

using(Hasp hasp=new Hasp())
{
    HaspStatus status = hasp.Login(vendorCode, localScope);
    return status.ToString();
}

I read on the web, that this is problem with dll files (path, missing...). I added all required dll files to the bin folder (I also added a references to this files in the my MVC project). It can be problem because I run my web app at the localhost (ISS)? And the problem arises when he wants to find the keys and can not find it?

Does anyone have any idea?

Thanks

Posted 2-Jul-15 7:31am

vezo11

Add a Solution

Comments

[no name] 2-Jul-15 13:44pm

Why aren't you asking the manufacturer? Do you suppose that they might know more about their product than random strangers on the internet?

vezo11 2-Jul-15 14:20pm

I have already contacted manufacturer, but my contact is on vacation (a few more days). Do you think that "strangers" on the internet do not know what could be a problem?

[no name] 2-Jul-15 14:46pm

Random strangers on the internet are not the support people for every hardware vendor on the face of the planet. The best people to help you are the people that know something about the hardware. If you contact is on vacation then either wait or get another contact.

vezo11 2-Jul-15 16:18pm

You are right. But maybe these "random strangers" on the internet have any idea for solution.. Maybe these "random strangers" on the inteternet have experience with the problem of the use of usb in the web app, iis,... I need an idea for solve a problem and not a implementation encryption algorithm.

[no name] 2-Jul-15 13:52pm

http://sentineldiscussion.safenet-inc.com/topic/haspdotnetdllbroken

vezo11 2-Jul-15 14:22pm

Thanks, but I have already read this but this is not a problem.

[no name] 2-Jul-15 14:44pm

Sorry to have wasted your time. I am unable to read your mind to know what it is that you have and have not done to fix your problem.

vezo11 2-Jul-15 16:34pm

No problem. Any idea is welcome. I included all of the dlls, but problem is somewhere else.

I think that the IIS server or web app project needs these dll files in some folder... Or it is problem because I run a test web app from Visual Studio and then a web app running on IIS, which doesnt detect a dongle.

Sergey Alexandrovich Kryukov 2-Jul-15 17:16pm

May I ask you what exactly do you mean by "protecting a Web app"? From who and what actions do you want to protect what? I'm not joking. Web applications are on the server side, their code is not accessible to the users, unlike desktop applications. Or do you want to protect it from stealing by the representatives of the hosting company? :-) If not, you need to understand: HTTP-based Web applications are different: 1) server-side code is not accessible to the client and does not need protection; 2) client-side scripts are delivered to the client side in full and cannot be protected.
—SA

vezo11 3-Jul-15 2:24am

Yes it is weird. But I have web app which must to be on the company in the intranet network (closed network). Yes, I want to protect it from stealing and copying on this company. Do you understand what I mean?

Thanks

Sergey Alexandrovich Kryukov 3-Jul-15 3:40am

No, I don't understand it, but this is because you never told us the essential thing: stealing by what party? Can you describe at least one scenario of such stealing? You never mentioned what code you think could be stolen: server-side or client side? Did you read and understand Solution 1?

Sorry, but you talking raises another question: do you really understand how Web really works? At this time, I doubt it.

—SA

vezo11 3-Jul-15 3:49am

Its is about licensing. One dongle for one machine - server. Yes I read, but in solution 1 you are talking about hosting web app on the hosting company. But I need to host web app on the company - for local use.

Sergey Alexandrovich Kryukov 3-Jul-15 4:14am

You did not answer my questions.
—SA

vezo11 3-Jul-15 4:33am

You think about stealing scenario? They can copy folders from one server and reproduce it on others servers.

Sergey Alexandrovich Kryukov 3-Jul-15 4:35am

Who, who can copy folders? How? Server-side files are not exposed to the user. Again, it tells me that you have no clue on how Web works.
—SA

vezo11 3-Jul-15 4:42am

You dont read my posts? "I have web app which must to be on the company in the intranet network (closed network)" and they have access to this server, and they can copy all the files from the server.

Sergey Alexandrovich Kryukov 3-Jul-15 11:54am

It wasn't explicitly answering my question; it wasn't not clear who owns and support the copy. My question was: server side or not, client side or not, what people having what access..? And did you read my previous comments yourself? I already mentioned that people having access to the server can reproduce the software (hosting company, but isn't it apparent that the same goes for people supporting Intranet?), we just did not discuss it yet. And the problem is that normally ASP.NET goes on the server in the form of source code. I'll edit the answer to add some information on that...

Please see updated answer, after EDIT.

—SA

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2015-07-02T11:19:00

Please see my comment to the question.

You need to understand: HTTP-based Web applications are different: 1) server-side code is not accessible to the client and does not need protection; 2) client-side scripts are delivered to the client side in full and cannot be protected.

The only concern could be trying to protect the code from the people working at your hosting company, but it could really would be difficult to achieve for shared Web service. Apparently, it could be possible to do for a dedicated private host, virtual or not, and of course, if you self-host the Web site. I doubt that this was your concern, but this is the only subject we could further discuss.

[EDIT]

Probably, the discussion on comments comes to the point where we need this "future discussion".

This is the concern of protection of the software from stealing by hosting company people. In this case, these are the people supporting server on company Intranet. In this case, protection is much harder. One possible solution could be: using the compiled version of the site. Please start here: https://msdn.microsoft.com/en-us/library/399f057w%28v=vs.85%29.aspx[^].

When the site is compiled, it can include assemblies protected using some available copy-protection products, for example, dongle-based. Of course, using the dongle resembling keeping the customers in handcuffs. Besides, any protection can be broken; at the same time, protection using purely legal means (proper license, signing of the service contract with appropriate legal terms) could work for most or all customers. I would thing first of all at this: is your software so valuable that somebody would steal it?

—SA