Skip to content

Licensing a desktop application

A vendor shipping a desktop application — sold perpetual or by subscription, activated with a code, locked to the machine, and expected to keep working on a plane.

The shape: the application embeds the license client; no secret ships in the binary. A code plus the machine’s fingerprint buys a signed license the app verifies locally.

You needYou use
A license key the customer types inAn activation code issued per entitlement
Copy protection per machineNode-locking via the device fingerprint; component matching survives a RAM upgrade or new network card
A 14-day trialA trial policy — same build, time-boxed license
Works offline for weeksThe on-disk license cache plus an offline-grace window; the app validates the signed license without a network
Edition gates (Standard vs Pro)Features in the license token, checked locally
A shared pool of team seatsA floating license: N concurrent seats per entitlement; workstations check a seat out on activation and back in on release, and the service — not the app — denies the N+1th
À-la-carte add-on modulesBundles granted to the entitlement (bought outright or time-boxed); the granted features merge into the next license the customer’s app fetches — no new build, no reinstall
Perpetual or subscription — same buildThe entitlement’s subscription policy decides; the license token carries the model, so the app renders “never expires” or the renewal date from the same code path
”I got a new laptop”Support releases the old activation in the portal; the customer re-activates with the same code
  1. Build the client once at startup: LicenseClientBuilder with the activation code the user entered, a DeviceIdDeviceFingerprint, the pinned public key, and the on-disk license store.
  2. Gate features from AccessLicenseAsync() — every check is local and instant. An expired or tampered license simply fails validation.
  3. The lease-and-grace rhythm handles connectivity: the app renews its lease when online and lives off the grace window when not. Fully disconnected sites use the file-based offline flow instead.
  4. Optionally report feature usage and app events — telemetry that lands in the same dashboards as licensing data.

The whole runtime path is anonymous or license-token-authenticated: crack open the binary and there’s no API secret to steal, and no license to mint without the provider’s signing key.

See it live: the Atelier demo is exactly this use case — a creative suite with a floating three-seat team pool, add-on modules bought from inside the app, and a perpetual-vs-subscription edition switch.

Start with the developer path.