Windows Installer InstallAware for Windows Installer Header Image Windows Installer without Rocket Science

  InstallAware Blog

   

Online Serial Key Validation with InstallAware

I’ve spent a lot of time thinking about my next blog post. I’ve had some really crazy ideas like creating a plug-in to run my own scripting language on top of InstallAware’s MSIcode. Yeah, I know it sounds crazy but it’s doable. InstallAware sets no limits on your imagination. After getting down to earth, I combed our community forums for ideas and voila! This one gets a lot of requests so I’m going to show you how to create your own online serial key validator dialog/script with InstallAware. This post will be the first in a series in which we’ll make an online serial validation mini-suite for your applications. At the end of the series, we’ll have complete MSIcode, ASPX and PHP scripts and a sample project with dialogs. My examples will be simple but once you get the idea, you’ll be able to modify my scripts or create your own from scratch easily.

My basic approach is as follows: In the setup wizard, I prompt the end-user to key in their serial number. After the serial has been entered, I connect to my web server using the Download File MSIcode command, and I ask my script (residing on the web server) to validate the serial number live. If the serial is valid, the web script returns “1″ along with a random number, if it’s not, it returns “0″. Note that there are lots of different approaches you can take when validating the serial number. You may, for example, first check if the serial number exists in your database. If it doesn’t, you can run your serial number algorithm to determine if it’s legitimate and then add it to your database, along with some other registration data, like user name, email address, company name, and so on. Alternately, even if the serial number already exists in your database, you can run additional checks to make sure its not a pirated key that has been going around for some time. You could for instance bind each serial to a unique installation ID, or what have you.

Getting back to my particular scenario: When my web server script returns a “1″ followed by a comma delimited random number, I parse that string in InstallAware’s MSIcode to get the random number part (I use the Read from Text File and Parse String MSIcode commands). I then query the web server again with that value to dynamically determine what product version the end-user is licensed for, and which setup features should be enabled/visible on his/her “Components Tree” dialog. So again using Download File, I pass two parameters to my web script. The first is called ticket and is the random number that is valid for this session only. The second parameter is called component and is the name of the setup feature that I am validating for this particular end-user. On the server side, the script runs its validation against the database and returns a 0, 1, or -1 as a result. -1 means that this feature is disabled and invisible, so the end-user doesn’t even know it exists (this can be useful for trial version installations), 0 means that the feature is disabled but visible, so the user knows it exists but cannot select it (useful for licensed products on the lower-end of your product edition spectrum), and 1 means that the feature is enabled and visible, so the user is fully licensed for that feature. As I evaluate the results using If commands in MSICode, I dynamically enable or disable the relevant setup features using the Set Component Choice and Set Component Visibility MSIcode commands. In case you’re wondering why I use a random number ticket, I use it as a unique temporary key, to query my web server/database and find out which setup features should be enabled. A “security” pre-caution if you like.

In my next post, you’ll see how to wrap InstallAware’s update mechanism around your application. I’ll extend the built-in update functionality to use my online serial key validation mini-suite and check if the end-user actually has the rights to make updates – and allowing them only if (s)he bought a software subscription plan. Stay tuned!

Panagiotis Kefalidis
Software Design Team Lead
InstallAware Software Corporation

3 Responses to “Online Serial Key Validation with InstallAware”

  1. Stephen Brooke Says:

    Thanks for that post, I learned something about online key validation. I’m wondering if InstallAware readily supports offline key validaiton, useful for cases where users need to install my application offline and be given a temporary 30 day trial key until they can get online and get a real key? Any information on this would be much appreciated. I’m currently using InstallAware 8.

  2. Iamfromk Says:

    Hi,

    i want to generate with PHP an serial from provided user name and company name directly on the server side and to mail all this information to client. can you help me ? i need the algorithm that install aware use for offline key generation.
    Thanks.

  3. board result Says:

    What’s up, everything is going fine here and ofcourse every one is sharing information, that’s actually
    fine, keep up writing.

Leave a Reply