1

how to encrypt published dll and ViewFiles to deny End user to convert output files to source files

ahmad khalil
  • 51
  • 7
  • The answer is - `dotfuscate` your files if they go to your end user's hands. But even then, sophisticated user can reflect on them. I wouldn't worry too much because even if user decompiles them, there will still be plenty of work before it can be compiled into working end product. If you deploying it yourself and user only uses your app than don't worry. But definitely sign your assemblies so that someone can't substitute your assembly with the custom one. – T.S. Jan 04 '15 at 04:47

3 Answers3

0

For protecting dlls you can obfuscate them. Obfuscation is the process of renaming this meta-data in an Assembly so that it is no longer useful to a hacker but remains usable to the machine for executing the intended operations. It does not modify the actual instructions or mask them from observation by a hacker. Here is List of obfuscators for .NET and see .NET obfuscation tools/strategy.

Community
  • 1
  • 1
Mohsen Esmailpour
  • 11,224
  • 3
  • 45
  • 66
0

Use Obfuscation as mentioned above. You should also Precompile the web site or embed your views as resources inside the DLL. See ASP NET MVC Embedded Resource Views for more info on that.

Scope Creep
  • 811
  • 7
  • 14
0

With Precompiled views in ASP.NET MVC, the steps (after Obfuscation) to follow are (within the project folder containing the views):

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe -v / -p "." -c targetFolder -x obj -x bin –f
copy pathToObfuscated.dll targetFolder\bin
copy bin\System.Web.* targetFolder\bin
"C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\aspnet_merge.exe" targetFolder -o TopMain -copyattrs obj\x86\Release\AssemblyInfo\AssemblyInfo.dll -keyfile myCertFile.snk –a

The folder paths and file names may/will vary in your environment. The list of dependencies to copy may vary as well.

Note that this solution will not deal with obfuscating the cshtml, only the used Models and Controllers are potentially obfuscated. If the cshtml would need to be obfuscated as well, then extra obfuscation steps will be required before the merge phase.

Wolfgang Grinfeld
  • 870
  • 10
  • 11