What’s Inside A Sitefinity License?

Oct 29, 2019 | Sitefinity

If you’re new to Sitefinity you’ll quickly learn that in order to use Sitefinity you’re going to need a license file. That license file determines what features can access inside of Sitefinity and what you can do.

To see what license file that you currently have installed just go to Administration > Version & Licensing. Here you can see the details of the license such as what edition of Sitefinity you’re running, the license type, the date of activation, and product version.

Further down, under the license detail section, you can see how many concurrent users can be logged into the Sitefinity back end, what extensions are enabled, and the valid domains.

What is a Sitefinity License File?

The actual license file is nothing more than just a plain old text file that’s stored within your Sitefinity project files. In this example, you can see that a Sitefinity license file is stored under the App_Data/Sitefinity folder.

If you open a Sitefinity license file you’ll see that it has an obfuscated view of the details. This one line of letters, numbers, and symbols contains everything that Sitefinity needs to enable access to modules, the number of users able to access the backend, and so on.

Image 1 – Contents of a Sitefinity License File

For learning purposes, I’m going to de-obfuscate this license file to show you how it is structured. Also, I want to put a disclaimer out here that I never recommend modifying or tampering with your Sitefinity license files.

De-Obfuscating the Sitefinity License File

In this de-obfuscated view of the Sitefinity license file and you can see that it’s just XML. This license file is using a secure envelope and it contains two sub-items called SignedInfo and SignatureValue.

The signed info contains the actual XML details of the license. We will look at this in more detail here in a second.

The signature value is generated from a private key and the contents of the signed info. Sitefinity can validate this license by running an algorithm against the signature value, the signed info, and the public key.

So if you modified the signed info and was able to obfuscate the license file again, it would not be considered a valid license anymore. You would need to generate a new signature value using the private key, and last I checked no one has the private key except the Sitefinity team.

Image 2 – De-obfuscated view of Sitefinity License File

If we extract the signed info data you can see that it generates another set of XML. This XML details everything that you are licensed to access in a Sitefinity instance. In this example, you can see the type of license if it’s a trial license, the date the license was issued, the expiration date, the licensed modules, the license domains, and so on.

Image 3 – The Signed Info Section of the Sitefinity License File

There you have it, all those letters and numbers actually mean something.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

14 − 10 =

Pin It on Pinterest