Protect ASP.NET Code

[CBN Media]

Hi,

We have a ASP.NET application with most of the business logic in stored
procedures, and custom components etc.
We're looking of some way to protect this code when we deploy our
application on the client's server. I remember I read somewhere about
wraping your application in one (or more) DLLs that you install so the
client doesn't actually has access to the code. What happens to the aspx
pages? The client still have access to his web server = he has access to the
aspx pages.
Now, I try to keep everything in CodeBehind pages but can those be
protected, wrap in a DLL?

Any suggestions or references very appreciated,

Thank you,
Cezar

 

[Steve C. Orr [MVP, MCSD]]

You can obfuscate your assemblies so they cannot be easily decompiled.
Visual Studio 2003 has a basic built in obfuscator, but for 2002 you'll need
a 3rd party solution.

Here's more information on obfuscators:
http://www.abderaware.com/WhitePapers/Obfuscator.htm
http://www.preemptive.com/dotfuscator/index.html
http://www.devx.com/SummitDays/Article/11351
http://www.lesser-software.com/ilobf.htm

 

[Calvin Luttrell/ProjectThunder.com]

Cezar,

There are applications for scrambling the assemblies. Any code in <% %> block on your .aspx page is going to be exposed. If you've put your code in the code behind .VB file just don't publish that file. It will be compiled in to a DLL anyways. These DLL's can be reverse engineered to a degree. It would be pretty time consuming so unless you client is Microsoft I wouldn't stress too much. That's my two cents.

-Calvin Luttrell
ProjectThunder.com

 

[Cezar]

Thank you both for the answers.

I heard about the VS.NET 2003 built in obfuscator but I could find more
info in their help files. Does it automatically "hide" the code when you
compile the application?

Ohh, I found this article on MSDN that might have the answers
http://msdn.microsoft.com/msdnmag/issues/03/11/NETCodeObfuscation/

Thank you,
Cezar