Best practices and design patterns for app license checking
Published: July 16, 2012
You are responsible for creating the app license checks and then enforcing license restrictions within your apps. Here are some general best practices worth following.
Applies to: apps for Office | apps for SharePoint | Office 2013 | Office 365 | SharePoint Foundation 2013 | SharePoint Server 2013
For security reasons, we strongly recommended that you place the code that performs the app license check somewhere outside the reach of potential tampering. For example, you can limit your app’s security exposure by using server-side code to query the Office Store verification web service, instead of performing the license check client-side.
For apps for Office, you are required to use server-side code to query the Office Store verification web service.
Add license checks only at those points in your app where you want to take some action based on whether the user has a valid license or other license information. For example, when the user launches the app, or when the user attempts to access certain app features that you want to control based on app license information.
For apps for SharePoint, do not perform app license checks on every page of your app. Constant querying of the SharePoint deployment for the app license token is rarely necessary, and can lead to your app performance being throttled.
For apps with a perpetual unlimited user license, cache until the license token expires. For apps with a multiuser license, either trial or perpetual, cache per session because user assignment can change.
Make sure the production version of your app does not accept test licenses.
When you finish testing your app and are ready to move it to production, make sure you add code to the license checks in your app so that the app no longer accepts test licenses. After you pass the app license token to the verification service’s VerifyEntitlementToken method, you can use the VerifyEntitlementTokenResponse object returned by that method to access the app license properties. For test app licenses, the IsTest property returns true and the IsValid property returns false.
July 16, 2012