I have a commercial intranet project, but how can I validate that my project is not copied from the root folder, where does IIS run? So if my client has a knowledge he could easily copy my system to play on the pendrive and resell it, am I right? What type of security should I use for intranet projects ?
My Intranet Project Security
1
asked by anonymous 21.02.2017 / 16:51
2 answers
2
First your IIS directory needs to be configured to be accessed only with your user's profile ... And from the moment you publish in the application, the code is compiled and different files are generated, which does not allow editing. But if it has access to your IIS root folder I do not see how to prevent it from copying and pasting the application to publish to another IIS.
22.02.2017 / 01:04
1
Does your project have a permanent connection to the internet? -If you have it, you can validate the execution of the application on your server. For example, validate a "secret-key" that will be in your application's code against an IP or a hostname that will be defined on your server.
Update:
If you do not have internet access, you can do the validation in the code itself, for example verify that the hostname that executes it is the only one that is authorized.
Update (2):
You can use:
System.Net.Dns.GetHostName
ou
Environment.MachineName
And check that this matches the name of the machine that is authorized to run the application.
21.02.2017 / 17:14