堆栈内存溢出
  简体   繁体   English

保护我的ASP .NET代码以进行演示?

[英]Secure My ASP .NET Code For Presentation?

 原文  2011-10-19 20:56:23       c#/ asp.net/ .net

问题描述

I have a web application , for presentation to my client they ask me to install it on their local server so they can test it , here is my question !? 我有一个Web应用程序,为了向我的客户端进行演示,他们要求我将它安装在本地服务器上以便他们可以测试它,这是我的问题!

Is there any way so i can publish uniquely for that server , i did put some limitation but many features in my app are open , so they can make a disk image from server and use it anywhere else , 有什么方法可以让我为该服务器唯一发布,我确实提出了一些限制,但我的应用程序中的许多功能都是开放的,因此他们可以从服务器制作磁盘映像并在其他任何地方使用它,

Is there any method to use so my web application check if this server is same server ( by hardware id or anything i don't have any idea ) then start to work ! 是否有任何方法可以使用,所以我的Web应用程序检查此服务器是否是相同的服务器(通过硬件ID或任何我不知道的任何东西)然后开始工作!

I saw many codes but they are win forms for generating unique hid , but how can i connect done it with asp .net 我看到很多代码,但它们是用于生成独特隐藏的胜利形式,但我如何连接到asp .net

EDIT 编辑

Could u take a look at this also , 你也可以看看这个,

i am using system.management class 我正在using system.management class

is this reliable i mean are they unique ? 这是可靠的我的意思是他们独特吗? 

  private string GetUniqueID()
    {
        string cpuInfo = string.Empty;
        ManagementClass mc = new ManagementClass("win32_processor");
        ManagementObjectCollection moc = mc.GetInstances();

        foreach (ManagementObject mo in moc)
        {
            if (cpuInfo == "")
            {
                //Get only the first CPU's ID
                cpuInfo = mo.Properties["processorID"].Value.ToString();
                break;
            }
        }
        ManagementObject dsk = new ManagementObject(@"win32_logicaldisk.deviceid=""" + "C" + @":""");
        dsk.Get();
        string volumeSerial = dsk["VolumeSerialNumber"].ToString();

        string HardWareUniqueID = volumeSerial + cpuInfo;

        return HardWareUniqueID;
    }

Appreciate your answers, Thanks in advance 感谢您的回答,提前致谢

4 个解决方案

解决方案1
 3  2011-10-19 21:08:36

If you want to avoid having it "phone home" an alternative is to generate some kind of certificate and place it on the machine. 如果你想避免让它“电话回家”,另一种方法是生成某种证书并将其放在机器上。 Use a private key that only you know to encrypt the machine name and/or IP. 使用只有您知道的私钥才能加密计算机名称和/或IP。 Then have your app use your public key to decrypt it to verify that it is allowed to run on this server. 然后让您的应用程序使用您的公钥对其进行解密,以验证是否允许它在此服务器上运行。 Nobody who doesn't know your private key will be able to create valid certificates. 没有人知道您的私钥将无法创建有效的证书。

解决方案2
 1 已采纳  2011-10-19 21:04:26

You hae a few choices... 你有几个选择......

  1. Lock your web site to the single IP address you install it on. 将您的网站锁定到您安装它的单个IP地址。 To make your life easier, check for that IP in a common page base class. 为了让您的生活更轻松,请在通用页面基类中检查该IP。 (Note, you could also write HTTP handlers, but the base-class approach is easier.) (注意,您也可以编写HTTP处理程序,但基类方法更容易。)

  2. Put a 'phone home' call in the app that checks with your server every time it's started up. 在应用程序中放置一个“电话回家”电话,每次启动时都会检查您的服务器。 That way you can check if they have moved it or if multiple instances are running. 这样,您可以检查是否已移动它或是否正在运行多个实例。

  3. Use the built-in licensing features of .NET (the same one third-party developers use for controls, etc.) 使用.NET的内置许可功能(同一个第三方开发人员用于控件等)

  4. The easiest... just put in a time-bomb that lets them test it for a few weeks, then automatically blocks access. 最简单的...只需加入定时炸弹,让它们测试几周,然后自动阻止访问。 Be smart though... persist the last-checked time so you can tell if they've rolled back their clock trying to get more usage. 要聪明一点......坚持最后检查的时间,这样你就可以判断他们是否已经回滚了他们的时钟,试图获得更多的使用。

Just make sure to distribute a web application, not a web project so you can distribute your code as a compiled bumary rather than having to ship the code-behind files. 只需确保分发Web应用程序,而不是Web项目,这样您就可以将代码分发为已编译的bumary,而不必分发代码隐藏文件。 That will keep prying eyes out, but does make deployment more a pain since you always have to recompile with every change (as opposed to on-demand compiling.) 这将继续窥探,但确实使部署更加痛苦,因为您总是需要重新编译每次更改(而不是按需编译)。

解决方案3
 0  2011-10-19 21:11:42

I would put in a time bomb. 我会投入定时炸弹。 It's trivial to implement. 实施它是微不足道的。 Also, your client's won't think that you don't trust them. 此外,您的客户不会认为您不信任他们。 A fixed evaluation period in the application is extremely common. 应用程序中的固定评估期非常常见。

解决方案4
 0  2011-10-19 21:18:27

在没有任何用户访问权限的情况下为他们提供VMware映像,只允许他们在Web浏览器中通过HTTP从外部打开网站。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在ASP.NET MVC解决方案中从我的域对象重构表示代码的最佳方法是什么? - What is the best way to refactor presentation code out of my domain objects in an ASP.NET MVC solution? ASP.NET MVC:如何让我的业务规则验证冒泡到表示层? - ASP.NET MVC: How can I get my business rule validation to bubble up to the presentation layer? ASP.NET应用程序中数据的动态表示 - Dynamic Presentation of Data in an ASP.NET Application 在asp.net Webform中显示PowerPoint演示文稿? - Display powerpoint presentation in asp.net webform? wcf 服务和asp .net 表示层 - wcf service and asp .net presentation layer ASP.Net重定向到安全 - ASP.Net Redirect to secure ASP.NET 中的安全 Cookie - Secure Cookies in ASP.NET 查看我的ASP.NET身份验证代码 - Review my ASP.NET Authentication code 运行ASP.NET WebForms应用程序时从类库的代码中读取安全的.pem文件 - Reading a secure .pem file from a class library's code when running ASP.NET WebForms application 我应该如何保护我的 Web 应用程序(ASP.Net Core 3.1 MVC)? - How should i secure my Web Application(ASP.Net Core 3.1 MVC)?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM