Exploring a registration and verification mechanism for Silverlight controls: pure client-side registration and verification


In the previous article, "Implementation of asymmetric encryption and digital signature RSA Algorithm in Silverlight", I implemented an RSA algorithm that can be used in Silverlight. In this article, I implement an experimental, purely client-side registration and verification mechanism for Silverlight controls. I hope friends who have done this before will offer more guidance.

First, how Silverlight client controls are used. In general, Silverlight client controls are sold to companies that develop Silverlight programs; these companies are the control purchasers, and they use the controls in the programs they develop. The control itself, however, executes on the machine of the website user who browses the Silverlight program. For more information, see.

The main process of this purely client-side registration and verification mechanism is as follows:
1. The control purchaser downloads and uses the Silverlight control (the control contains the public key and the logic for verifying the license).
2. The control purchaser enters some registration information (such as a unique identifier like the program's deployment path) on the website provided by the control vendor to complete registration. The control vendor records this information and uses the private key to generate an RSA-signed license file.
3. The control vendor returns the RSA-signed license file to the control purchaser.
4. The control purchaser bundles the license file with the program it develops and deploys it.
5. The website user browses the website developed and deployed by the control purchaser. The Silverlight control is downloaded and executed on the website user's machine, where it verifies the license file signature and the unique identifier such as the program deployment path.

The license format in this verification demo is as follows:

<License>
  <ID>31f81fef-a036-4f6f-b47b-d0c8da1674ea</ID>
  <AssemblyName>Vendor.TestControl, Version=1.0.0.0, Culture=neutral, PublicKeyToken=696fd0988622366f</AssemblyName>
  <AuthorisedApp>http://localhost:8888/ClientBin/Customer.TestApp.xap</AuthorisedApp>
  <Signature>mvaluqlzik8swfz5q25/queues + signature + pgtechobgba5kuhhcakvvsffwi/e480ayi2yxznvpcsp8ra8o =</Signature>
</License>

The license records the ID of the license record in the control vendor's database, the full strong name of the target control assembly, a unique identifier such as the program deployment path, and an RSA digital signature that prevents tampering with this information.

When a user browses the website, the Silverlight control is downloaded to the user's machine, where verification takes place. The control first verifies the validity of the license (that is, it uses the RSA signature verification algorithm to check whether the license file has been tampered with), and then checks whether the assembly name and the unique identifier are correct. Together, these checks determine whether the control is successfully registered.

 

The code for verifying the license validity is as follows:

using System.Security.Cryptography;
using System.Text;

public class License
{
    // The vendor's RSA public key, embedded in the control.
    private static readonly string PublicKeyXmlString = "<RSAKeyValue><Modulus>export/export + WZ/jecjsf9mcfk + export + hukuacm/export + v80qy/Ge =</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
    private static readonly RSAManaged.RSAPublicKey PublicKey = null;

    static License()
    {
        PublicKey = RSAManaged.RSAPublicKey.FromXmlString(PublicKeyXmlString);
    }

    internal License()
    {
    }

    internal string ID { get; set; }
    public string AssemblyName { get; internal set; }
    public string AuthorisedApp { get; internal set; }
    internal byte[] Signature { get; set; }

    public bool IsValid()
    {
        // Verify that the license is valid: rebuild the signed bytes and check the RSA signature.
        byte[] signData = Encoding.UTF8.GetBytes(this.ID + this.AssemblyName + this.AuthorisedApp);
        SHA1Managed sha1 = new SHA1Managed();
        bool verifyResult = RSAManaged.RSAManaged.Verify(signData, PublicKey, sha1, this.Signature);
        sha1.Clear();
        return verifyResult;
    }

    // License.FromXmlString, used by the caller, is not shown here.
}

The code for verifying the full name of an assembly and the deployment path is as follows:

// Requires System, System.IO, System.Reflection, System.Windows and System.Windows.Resources.
private static bool ValidateLicenseFile()
{
    // Load License.lic from the resources of the application's own assembly.
    AssemblyName assemblyName = new AssemblyName(Application.Current.GetType().Assembly.FullName);
    Uri uri = new Uri("/" + assemblyName.Name + ";component/License.lic", UriKind.Relative);
    StreamResourceInfo sri = Application.GetResourceStream(uri);
    if (sri == null)
    {
        return false;
    }

    // Parse the license and check its RSA signature.
    string licenseXmlString = new StreamReader(sri.Stream).ReadToEnd();
    License license = License.FromXmlString(licenseXmlString);
    if (license == null || !license.IsValid())
    {
        return false;
    }

    // Verify whether the full assembly name is valid here
    if (Assembly.GetExecutingAssembly().FullName != license.AssemblyName)
    {
        return false;
    }

    // Verify the unique identifier such as the program deployment path here
    if (Application.Current.Host.Source.AbsoluteUri != license.AuthorisedApp)
    {
        return false;
    }

    return true;
}
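
The IsValid method above signs the plain concatenation ID + AssemblyName + AuthorisedApp, so the signature does not cover where one field ends and the next begins. The following is an added example, not code from the original article or its demo: it assumes a current .NET runtime and uses the built-in System.Security.Cryptography.RSA with SHA-256 in place of the author's RSAManaged library and SHA-1, with constructed sample values and a throwaway key, to show that ambiguity beside a length-prefixed encoding that removes it.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class LicenseEncodingDemo
{
    // The article's encoding: fields joined with no separator.
    static byte[] Concatenated(string id, string asm, string app)
    {
        return Encoding.UTF8.GetBytes(id + asm + app);
    }

    // Hardened encoding: every field carries a length prefix, so boundaries are signed too.
    static byte[] LengthPrefixed(string id, string asm, string app)
    {
        using (var ms = new MemoryStream())
        using (var w = new BinaryWriter(ms, Encoding.UTF8))
        {
            foreach (string field in new[] { id, asm, app })
                w.Write(field); // BinaryWriter writes the byte length, then the UTF-8 bytes
            w.Flush();
            return ms.ToArray();
        }
    }

    static void Main()
    {
        // Constructed sample values, not the license shown in the article.
        string id = "0001", asm = "Vendor.TestControl";
        string app = "http://localhost:8888/ClientBin/Customer.TestApp.xap";
        var hash = HashAlgorithmName.SHA256;
        var pad = RSASignaturePadding.Pkcs1;

        using (RSA key = RSA.Create(2048)) // throwaway key standing in for the vendor's key pair
        {
            byte[] sigConcat = key.SignData(Concatenated(id, asm, app), hash, pad);
            byte[] sigPrefixed = key.SignData(LengthPrefixed(id, asm, app), hash, pad);

            // Same characters overall, but the ID/AssemblyName boundary has moved.
            string id2 = "000", asm2 = "1" + asm;

            bool concatOk = key.VerifyData(Concatenated(id2, asm2, app), sigConcat, hash, pad);
            bool prefixedOk = key.VerifyData(LengthPrefixed(id2, asm2, app), sigPrefixed, hash, pad);

            Console.WriteLine("Concatenated encoding accepts the shifted fields: " + concatOk);
            Console.WriteLine("Length-prefixed encoding accepts the shifted fields: " + prefixedOk);
        }
    }
}
```

With the concatenated encoding the shifted fields still verify against the original signature; with the length prefix they do not. In the article's flow the later equality checks on the assembly name and deployment URL narrow what a moved boundary could achieve, but signing an unambiguous encoding removes the question altogether.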

Advantages and disadvantages:
+ Signing with the private key and verifying with the public key effectively prevents forged license files and prevents someone from analysing the code to write a key generator (leaving aside brute-force cracking by tampering with the program logic).
+ Pure client-side verification does not require cross-origin access, and the control purchaser does not need to deploy anything else on the server that publishes the program.
- It is more cumbersome than entering a registration code directly.
- In the current Silverlight version, the only unique identifier found is the deployment address. Licenses can therefore only be bound to a deployment; per-developer machine licensing, as is possible with WinForms controls, cannot be done.

 

The above are my preliminary ideas on a purely client-side registration and verification mechanism for Silverlight controls. I wonder whether you have any better ideas. In Silverlight, can I perform machine authorization for every developer, as with WinForms controls? You are welcome to give some comments.

 

 

This article is published under the Attribution 2.5 China Mainland license agreement. You are welcome to reprint, adapt, or use it for commercial purposes. However, you must keep the attribution to kevinshan (including the link) in this article. If you have any questions or wish to negotiate authorization, please leave a message for me.

 

 

Download the verification demo source code:

Silverlightlicense1.zip

 

 

 
