Tuesday, August 14, 2012

Review of .NET Licensing Solutions

In preparation for my new application FlexMerge which will go on sale soon (plug: at www.arrow-of-time.com !), I've been investigating Licensing/code protection issues.
This is a windows class library which needs to implement serial number and license based protection using an activation server.
I also wanted the ability to automatically send serials from my ASP .NET website immediately on successful checkout.
I scoured the internet, coming up with a whole bunch of likely candidates:

DeployLX (by Xheo) ($700 +)
CryptoLicensing Professional ($300)
Infralution Licensing System ($170 + $170 license tracker source code)
Eziriz Intellilock ($179)
LomaCons InstallKey ($86 source code edition)
LicenseSpot (subscription)
Soraco Quick License Manager ($400)
Manco .NET Licensing System ($200/$480)

To cut to the chase, I ended up buying CryptoLicensing, as it offered equivalent features to any of the other offerings, along with samples of the serial generator API and an activation server, at a very reasonable price.
I bought it bundled with CryptoObfuscator.
I haven't rolled it out yet: watch this space. But in testing it has performed flawlessly.

Immediately discarded was LicenseSpot, as it offers a hosted, monthly subscription based service which looks great for those looking for a simple, hosted solution, but I was pretty sure the integration with my site was going to be a problem. I'd really rather have everything stored in my own database rather than spread over the internet.

Soraco Quick License Manager was also discarded quickly as its feature set appeared to be smaller than most of the other standard offerings. It didn't appear at first sight to support serial numbers, and I didn't have the time or inclination to go looking further.

Eziriz was an early frontrunner, but then I did run across reports of bugs, particularly with obfuscation, and tardy tech support. That resulted in a knockout too.
Note that price is not much of an object for me - with my hourly rate, it was going to cost WAY more to integrate the software than to buy it.

LomaCons InstallKey looked good, and is so cheap that I bought it to look at the source code rather than stuff around with a demo version. However, there were several bugs in the project which cost me time, and it  required IIS Express to work, which I didn't want to install on my Dev machine. In the end I couldn't get it to run, even WITH source.
It had a web based license manager with source code, but this was all written in old school ASP .NET WebForms style, which I have to say makes the gore rise in my throat. I wanted something I could tweak easily, and I would have ended up rebuilding that from scratch.

DeployLX makes a big effort to make their tools user friendly. But this comes with a price tag. This was easily the most expensive option. Since time is money, I was tempted to go with them for a bit, and benefit from a bit of hand holding, but it turned out that the features I wanted would invoke several more license charges over the base charge, and also that their serial generation API has certain license restrictions.
I think they would have worked, but I thought that he licensing restrictions were a bit onerous considering the other offers out here.

Infralution looks like a good solution. Also, pay a bit more for the source code. This one looked comparable to the Crypto product, but had a Winforms based license manager. Since I'll definitely be managing licenses online, this put me off a bit. All their ancillary tools dovetail into this license manager.
That said, they supply source, so rolling your own web based manager would have been doable and supported. I would have chosen these guys had Crypto not been around.

The Roundup 

All in all, there were several good players, and a lot of choice. It happens that the CryptoLicensing package was well reviewed, had a complete feature set, and also pairs with CryptoObfuscator which also is a plus.
Where I read of problems with licensing tools in general, it was often during obfuscation that this occurred, so buying a matched license/obfuscation pair (Crypto or DeployLX) makes good sense.

I'd highlight that I think most of these packages perform well for what they do, but being a developer myself, I have fairly demanding requirements.
Also, if you are REALLY short of cash, there are some very cheap solutions out there which I think would perform quite satisfactorily if you were willing to put a bit more time into making them perform.

I think the LomaCons comment that sometimes 'less is more' hits the nail on the head. In the end, I wasn't interested in the fluff of the 'all in one' integrated solutions, I just wanted a good solid bare-metal framework I could use for my own purposes. This meant a good feature set and an easy to use API.


  1. You said deploylx would cost you more because of the features you need. Can you elaborate what extra features you needed?

  2. I've had a look and can't find the feature charges on their site - maybe they've simplified the licensing model ? It was tricky though - I had to email support to clarify the charges.
    I think it was to do with accessing license info via their API for a custom online license manager (ie. built by me). This was going to attract an extra charge per user, I think. I think there may have been a flat charge for deploying an online manager too. Sorry, I've searched but no longer have the correspondence. It was a while ago.

  3. Ah, got it! Go to the 'package pricing' area and 'build quote'. This steps you through all the licensing charges.

  4. G'Day Ben. Just wondering if you're still happy with Crypto? Upsides? Downsides? I'm leaning towards Infralution mostly because of the source code aspect for tight integration and good support on their forum. I presently use LimeLM and that works well (great support too but) the DLLs are a bit big for small apps I want to license. Also, the "untouchable" aspect bugs me. Waddya reckon?


  5. In the end, Crypto has been great. Flexible, reliable and pretty well documented. The docco could have more examples - what i specifically wanted to do wasn't covered, and i had to piece it together - but in the end, all good.
    I tried to use CryptoObfuscator, but it ended up not working (can't recollect why, it might have just crashed).
    So, upsides are a comprehesive feature set, downsides are slightly complex to implement - but that could kind of be expected.

    1. Thanks Ben. I used LimeLM on a beta of one of my apps and it worked well but was too much of a sealed unit for my comfort. I went with Infralution & bought the source code. It has been reasonably straight forward so far. IIS & ASP.NET have been the hard part, as usual.

      I tried ConfuserEx (obfuscator at GitHub) and it worked well. de4dot couldn't get any sense out of a mildly obfuscated DLL. It's a bit tricky to use but it worked for an AutoCAD plugin and they are notoriously fragile. I wouldn't bother with obfuscation unless you really feel a need for it, it adds a thick layer of complexity and also makes your own code a bit of a "sealed unit", imho.

    2. thanks for your comments! good to hear another take on thehttps://low-bandwidth.blogspot.com/logout?d=https://www.blogger.com/logout-redirect.g?blogID%3D6236178214788830159%26postID%3D2151212280518095021 issue.