Licensing System For Client Side Code Web Application

I have a client-side web application running on SharePoint Site Collection, each site collection has it's own unique id. I want to use a licensing process to lock the app to a site collection.

This is the challenge-response process I'm trying to implement:

  • User prompted to generate challenge code
  • challenge code is site_collection_id processed through some function
  • User emails me challenge code
  • Encrypt challenge code with a private key
  • The encrypted result is considered the license key which I send to user
  • User saves license key into the application

Validation Process:

  • On app load, retrieve license key
  • Decrypt license key using a public key stored in app
  • The result is the challenge code the user had sent before
  • Take that challenge code revert it back to a site collection id
  • Retrieve the site collection id app is currently running on
  • Compare the two to determine if license key is valid

Does this make sense? The one thing I'm not sure about is the public/private key stuff and if there's a way to do this in JavaScript.

I know it's impossible to 100% secure client-side applications. I'm just looking for something to prevent someone from easily distributing the application



You can use public/private key in javascript, I just used in my recent project. Check openpgp.js. The scenario you describe looks fine. You may also use daily tokens client will ask your server to be able to run, sharepoint site may send the token you give them back with a request for daily license, and you send license code and a token which is valid for 24h.