Verifying a license key in your plugins

So you're ready to distribute license keys to customers that buy your plugins, but how do the plugins know that a license key is valid?  It's actually pretty easy.  The following code handles most of the work:

public bool IsLicensed(string host)
    var keys = GetAll();

    foreach (var key in keys)
            string decryptedKey = _encryptionService.DecryptText(key.LicenseKey, Constants.LicenseKeySeed);
            string licensedHost = decryptedKey.Substring(1);
            if (decryptedKey[0] == 'U')
                if (host == licensedHost || host == "www." + licensedHost)
                    return true;
            else if (decryptedKey[0] == 'D')
                if (host.EndsWith(licensedHost))
                    return true;
        catch { }

    return false;

The GetAll() function is just getting all of the license keys that the customer has purchased and saved within your plugin (I add a small CRUD table to my config page).  You want to allow them to store multiple keys because they could have multiple stores touching this plugin.  The host is passed into this function and is usually grabbed through HttpContext.Current.Request.Url.Host.

Constants.LicenseKeySeed is the same exact string as what you put into the ProductKey on your store.

Leave your comment
9/26/2013 12:27 AM
Knwdeloge wants to be free, just like these articles!
5/20/2015 8:02 AM
Hi ,

Thanks for sharing knowledge .
can u provide the DecryptText function.

5/20/2015 8:04 AM
Good article ,
I have some queries.

HttpContext.Current.Request.Url.Host will be current store url?

5/20/2015 9:08 AM
DecryptText should be in the IEncryptionService in NopCommerce.

Yes, HttpContext.Current.Request.Url.Host should be just the Host portion of whatever URL you are on.  For this article:, Host would be