Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to set up a licensing system for DNN extensions

Published byPercival Little Modified over 7 years ago

Similar presentations

Presentation on theme: "How to set up a licensing system for DNN extensions"— Presentation transcript:

1 How to set up a licensing system for DNN extensions

2 What is the reason for using licenses in DNN extensions?
Control who can use the extension in which environment (specific domain, number of users/servers, timespan, hardware…) Commercial reasons 1) I would like to start my presentation with a question: What‘s the reason for using licenses in software in DNN extensions? DNN extension in this context is any kind of software that extends DNN (could be a module, a skin, a PersonaBar extension or whatever else) 2) Basically, licenses allow you to control who is able to use the extension in which environment. And what does „environment“ mean here: Depending on the implementation, licenses can give the vender a granular control: The vendor can define liceneses that limited the usage on special domains or on a maximum amount of resources (like number of users or servers) license could be domain specifc or could limit the usage for a maximum user. Another option woud be that the license only works for a specifc time span or on a specific hardware but why? 3) In most cases for commercial reaons; the owner of the extension (the vendor) is able to prevent the user (the customer) from installing the extension in multiple environment after buying it for one environment In this presentation I would like to give you an idea about how such licensing could be implemented. If you are a extension developer, you might get some ideas about how to implementing licenses for your extensions. If you are a extension user, you might get an idea how your vendor‘s licensing system work.

3 About me IT Manager at Jack Wolfskin DNN MVP Spring 2015
Relaunched Jack Wolfskin B2B platform in 2013 based on DNN professional / Evoq Content DNN MVP Spring 2015 >50 pull requests for DNN platform Founder and developer at DNN Dev Tools won “DNN 8 Module Challenge” category “SPA Module” Before I go into the details of my presentation, I would like to take the chance to introduce myself. My name is Jan and I attending the DNN Conference for the third time. I‘m working full time at JW in the IT department. JW is one of the biggest suppliers of outdoor products and most successful franchiser in the German specialist trade market of sports equipment. At JW we relaunched our B2B platform in 2013 and because of our strong MS IT strategy chose DNN as platform to build the portal on. Baiscally, the B2B platform is an order and information platform for our business customers. In 2015 I was nominated as DNN MVP, because of my activity in the DNN community. I created over 50 pull requests that have been merged into the plattform. In 2014 my partner and me founded weweave, a company that develops and sells professional DNN modules 2016 our open source module „DNN Dev Tools“ won the “DNN 8 Module Challenge” category “SPA Module”

4 Check out https://weweave.net/dnnconnect2017
weweave’s products DNN Google Analytics Advanced The all-in-one Google Analytics solution for DNN. DNN Dynamic Redirect The ultimate redirect solution for DNN. DNN Google Tag Manager Coding-less Google Tag Manager integration. DNN Dynamic Roles Dynamic role assignment for DNN. At weweave our four most successful modules are All our modules require a (paid) license to work in a production environment and we offer free 30 days trial licenses for all of them In this presentation you will get insights about how our licensing system works that generates and validates the licenses. On of our key requirement was, that the licenses whould work offline. Which means that there is not communication between the modules and our system to validate the licenses. The main reason was to not get any problems with firewalls and the moduels should work in offline scenarios. As a special offer, we provide one free licenses per module for each attende of DNN Connect You can find more information about this offer on the flyer in your confrenece bag or on the website Check out

5 (Technical) Background
Agenda (Technical) Background License generating and validation Connecting the DNN store In a first step we need to disuss some technical basics In a second step I will show you how to actually generate and validate the licenses And in a last step I will give you an idea how the selling process work using the example of the DNN store

6 Base64 Binary-to-text-encoding
Represent binary data as sequence of 64 „common“ and printable characters Safe data transfer (e.g. , copy & paste, …) We start with Base64 Easy and well-known way to encode binary data into plain text or in a sequence of printable characters There are online tools available to encode and decode information in Base64 and encoding/decoding is easily possible in every programming language Example / works in both ways We will use the representation to safely transfer the licenses (from the vendor to the customer) Text DNN Connect 2017 Base64 representation RE5OIENvbm5lY3QgMjAxNw==

7 JSON (JavaScript Object Notation)
Lightweight and human readable data-interchange format { "conference": "DNN Connect 2017", "sessions": [ "speaker": "Jan Jonas", "title": "How to set up a licensing system for DNN extensions" }, } ] Second technology we use is JSON Also well-known and widespread We will use the JSON notation to store a complex data structure as text / In detail, we will use it to structure all the different information inside the license (we will see that later) Example shows structured information (incl. Some nested objects, lists)

8 Signatures Cryptographic algorithm (like RSA-SHA1)
Signing: Use private key to create a signature for a message Verifying: Use public key to test the signature Signature verifies content and sender’s identity In the licensing context… Vendor signs license with a signature DNN extension verifies license based on signature The third an last piece of technology that we need are digital signatures It‘s a crypthografical algorithm that can be used to create a signature of a message. The basic idea is, that the author of a messaga can create a signature by using the private key and everyone can use the public key to verify the message was signed by the author and no-one else. Creating the signature is called signing and testing the signature is called veryfing Crypto algorithm often used in combination with a hash algorithm, we use RSA-SHA1. Only Hash is signed not the complete message. Won‘t go into details… Basically the licenses verifies the content and the sender‘s identity What does that mean for our licensing system? The vendor is the only one who know the provate key and can use it to create a signature for the license The DNN extension can proof the license was generated by the vendor and no-one else and make sure license is not faked No need for an online connection: Verification can be done offline (The DNN extension knows the public key and just need to verify the signature)

9 License generating and validation
Agenda (Technical) Background License generating and validation Connecting the DNN store In a first step we need to disuss some technical basics In a second step I will show you how to actually generate and validate the licenses And in a last step I will give you an idea how the selling process work using the example of the DNN store

10 How does licensing work?
Client buys the DNN extension for his environment Vendor creates license containing Details: Information about the client’s environment Signature: Digital signature of the “details” Vendor transfers license to the client Client enters license into DNN extension DNN Extension validates license Check „Signature“: Generated by the vendor? Check „Details“: Applicable for the environment? License generating Before we go into the details how to generate and validate licenses we first take a look at the basic process On the next slides, I‘m going to show you the details for Step 2 (Generating) and Step 3 (validation) License validating

11 Generating licenses – Structure
Combination of JSON, Base64 encoding and a RSA-SHA1 (signature algorithm) Base64( JSON( Details, Base64(RSA-SHA1(Details)) ) For the license structure we use a combination of the three technologies we saw in the introduction: JSON for structuring data, Base64 to put everything into printable characters and RSA-SHA1 for creating the digital signature The structure of the license looks like this. Basically we have We have our license details (information about the client‘s environment We sign this information and use Base64 to transform the license into printable characters We use JSON to put both information into a structure In a final step we use again Base64 to transform the JSON structure into a long list of characters just for cosmetical reasons to make the license look more like a license key The generation process gets more clear of we take a look at an example on the next slide

12 Generating licenses – Example
Scenario: Generate license for a maximum number of users  Use license „Details“ for the number of users (“100” in this example) Base64( { "details": "100", "signature": "TXlTaWduYXR1cmU=" } ) eyJkZXRhaWxzIjogIjEwMCIsInNpZ25hdHVyZSI6ICJUWGxUYVdkdVlYUjFjbVU9In0= Base64( JSON( 100, TXlTaWduYXR1cmU= ) Base64( JSON( 100, Base64(RSA-SHA1(100)) ) Base64( JSON( 100, Base64(MySignature) ) Base64( JSON( Details, Base64(RSA-SHA1(Details)) ) In this example we assume that we have a DNN extension that is licensed per user. In other words the client buys the extension for a specific number of users. To keep the example simple, we use that maximim user number as license detail and we generate the license with the process from the slide before We will no go step by step thru the licensing process Simplification: RSA-SHA1(100) = MySignature

13 License example - Validating
eyJkZXRhaWxzIjogIjEwMCIsInNpZ25hdHVyZSI6ICJUWGxUYVdkdVlYUjFjbVU9In0= Base64 decode of license {"details": "100","signature": "TXlTaWduYXR1cmU="} Check „Signature“: Generated by the vendor? Base64 decode of signature (here "MySignature") is valid signature for "100" ? Check „Details“: Applicable for the environment? Number of users <= 100 ? To complete our example we now take a look at the validation process of the license. These steps are done by our DNN extension that gets the license key and now has to verify the license Basically the DNN extension does the same steps in reverse order: We decode the license key to get our JSON structure Based on this license we can now answer the two questions First: Was the license generated by the author We decode the signature and test if this signature is a valid license for the details Second question: Is license applicable for the environment We check the license details which is a maximum number of users So is the basic license generating and validating process. Before we go to the last section of my presentation where we will see how to connect the DNN store I will give you some information about the licensing modul that we use at weweave for our proefessional DNN modules

14 weweave‘s license model
License per domain (incl. sub-domains) Lifetime license (incl. 1 year free upgrade) No license required for (local) development environment 30 days trial licenses Generally our licensing works per domain, because: Much easier to understand for the clients than number of users, portals, server or maybe host guid No license changes required if you move to another infrastructure (more server) Including sub-domains to enable the users ti use the license in test or staging environments Our standard license does not expire: In other aafter purchasing the extension the user does not need to worry about any costs in the future, exept he wants to upgrade to a new version of the module. This is only possible for all releases within one year after the licenses was generated. For local environments teh modules can be used for free. In our definition local is everything taht runs on localhost or on a .local domain Because we had a lot of clients that do not have a local test environment we implemented trial licenses that only works for 30days and enable the users to test the functionality in their production environemnt. We generally recommend to use a dedicated test environment for our modules, we experienced that some clients only have a production environment

15 weweave‘s license details
{ "version": 1, "description": "License for 1 site", "type": "lifetime", "uuid": "159891d1-91dc-4d24-9c47-8b9c865f7f52", "onlineVerification": false, "product": "DnnGoogleAnalyticsAdvanced", "owner": "Example company", "issueDate": " ", "expiryDate": " ", "subject": "^(.*\\.)?example\\.com$" } Is the license valid for a domain? (localhost and *.local is hardcoded) Is the license expired? (Release date is hardcoded) On this slide you see all details that we put into our licenses. Most of the information is self-explanatory and the most important ones are expiry date and subject. 1) As the name assumes this date is used to check if the licese is expired. The DNN extension knows its release date and tests this against the timestamp. As I said before we sell lifetime licenses the license is still valid if the date is in the past as long as the release date of the extension is not younger. Exceptions of this are trial license, type is set to „trial“. For those the expiry date is a the deadline until the extension works. 2) subject: We use a regular expression to define on which domain the license is valid for. This gives as great flexibility. By default we include the sub-domains but we could also generate custom licenses that work on multiple domains or even wildcard licenses that work on every domain. The local domains that are used to determine the local environments are hardcoded Here is a screenshot of one of our modules where you can see how the license input inside of DNN looks as. As you can see we use some of the license details and show them to the user, so that he know what license he has entered and gets useful information like how lnong the license is still valid. In case the license is expired and the user is not able to update to new releases, we display an appropriate warning with a link into our system where he/she can purchase a new license.

16 Connecting the DNN store
Agenda (Technical) Background License generating and validation Connecting the DNN store In a first step we need to disuss some technical basics In a second step I will show you how to actually generate and validate the licenses And in a last step I will give you an idea how the selling process work using the example of the DNN store

17 DNN Store - Basic process
Order notification API Customer buys the extension DNN Store notifies vendor Vendor allows customer to create license Vendor passes license to customer Customer installs extension and enters license in extension The basic process is as follows

18 DNN Store - Order notification
Set up order notification in vendor profile DNN Store (instantly) sends POST request (Data: InvoiceID, BillTo , Quantity, OptionID, OptionName, …) Use “POST Security Value” to ensure request was sent by DNN store POST data contain information about the customer and the product that was ordered

19 weweave‘s order notification V1
Register new license request in DB „Random and unique secret“ GUID Customer data (name, , …) Order details (product, quantity, …) Send link (containing GUID) to customer Example: Customer uses link to access license generation Problem: Customers got no overview of their licenses and thats why reworked the order notification set up a customer portal

20 weweave‘s order notification V2
Check if customer is new (use as key) Yes: Register customer in customer portal and send with credentials No: Send „Thank you “ Assign license to customer Customer logs into customer portal and generates license

21 Summary Use JSON, Base64 and signature (RSA-SHA1) to generate and validate licenses License contains details and signature Use order notification API to connect the DNN store I gave you an idea about how the technologies JSON, Base64 RSA-SHA1 could be used together to generate and validate licenses We talked about the information that are stored in the licenses which are the details that defines what your client has bought and the signature that verifies that the license was created by the vendor And in a last step I showed you how to connect your system to the DNN Store to enable your clients to generate their licenses

22 Thank you for your attention! Any questions?

Download ppt "How to set up a licensing system for DNN extensions"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Forms and Server Side Includes. What are Forms? Forms are used to get user input We’ve all used them before. For example, ever had to sign up for courses.

Forms and Server Side Includes. What are Forms? Forms are used to get user input We’ve all used them before. For example, ever had to sign up for courses.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?

Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
Advertising with TripBuster.co.uk Partner Media Pack From Just 10p Per Click.

Advertising with TripBuster.co.uk Partner Media Pack From Just 10p Per Click.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Security fundamentals Topic 5 Using a Public Key Infrastructure.

Security fundamentals Topic 5 Using a Public Key Infrastructure.
FriendFinder Location-aware social networking on mobile phones.

FriendFinder Location-aware social networking on mobile phones.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1 Day 2 Logging in, Passwords, Man, talk, write. 2 Logging in Unix is a multi user system –Many people can be using it at the same time. –Connections.

1 Day 2 Logging in, Passwords, Man, talk, write. 2 Logging in Unix is a multi user system –Many people can be using it at the same time. –Connections.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted email that contains data specific to that recipient the data.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
IPEmotion License Management PM 20.10.2015 (V1.2).

IPEmotion License Management PM (V1.2).
 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.
What is Dental-Cal? Global, multilingual, free to use dental event calendar Target group: Dentists, Dental Technicians, Dental Assistants.

What is Dental-Cal? Global, multilingual, free to use dental event calendar Target group: Dentists, Dental Technicians, Dental Assistants.

Similar presentations

Ads by Google