Can customer change env.IsDevelopment after production

Question

We're developing a website using Asp.Net Core 2.2 we have this block in our configuration to bypass the licensing tasks in development tests:

if (!env.IsDevelopment())
{
    //Do license checking stuff...
}

I was wondering is it possible for the customer to somehow make my application run in development mode and try to skip license checking? If yes, what is the best way to prevent it? Thanks.

Depending on your "do licence checking stuff", a consumer could also wrap your DLL and simply replace your licence checking methods (see https://stackoverflow.com/a/55026523/3181933) before calling any of your code, regardless of the value returned by `IsDevelopment()`. — ProgrammingLlama, Nov 18 '20 at 07:01

score 4 · Accepted Answer · answered Nov 18 '20 at 07:00

Q: Is it possible for the customer to somehow make my application run in development mode?

A: Sure. There are several ways to do this, it's easy. For example, all you have to do is set the environment variable DOTNET_ENVIRONMENT. Or edit the settings file with notepad.

Q: If yes, what is the best way to prevent it?

A: Don't use runtime checks like "if (!env.IsDevelopment())".

One alternative is to substitute compile-time #ifdef. Another is to hard-code a global flag variable in your app. You've got lots of choices :)

Using compile-time #if seems to be the best, Thank you. – Bamdad Nov 18 '20 at 07:25 — Bamdad, Nov 18 '20 at 07:25

score -1 · Answer 2 · answered Nov 18 '20 at 07:00

-1

update launchSettings.json file profile in the deployed environment is the only way, I guess.

answered Nov 18 '20 at 07:00

ankkitgupta

46
3

Can customer change env.IsDevelopment after production

2 Answers2