Consider the following requirements Windows software which communicates with a w
ID: 652395 • Letter: C
Question
Consider the following requirements
Windows software which communicates with a web application using basic authentication
The software is an MSI package
The software requires a token to be placed in order to authenticate itself to the web application
The token is unique to every user, but the user is expected to install the software with the same token on several machines
The question is:
What is the best strategy to distribute the software from the web application with appropriate token in it ? (The user should not be asked to enter the token.)
The proposed solution is::
When the user clicks the download software button from the web application instead of giving then the software, we generate a VBScript file which contains the token and download location of the software package (MSI), and deliver it as a download. After that, when the user invokes the script, the following things will happen.
The software will be downloaded and the token is passed to the installer and a custom action inside the installer will get the token and configure the application accordingly
Will the Windows world accept the above solution? Do they feel it unnatural? Is there a better solution to the problem at hand?
Explanation / Answer
The standard solution which you have surely seen from other software vendors is to
let the user download and install the software, maybe with or without the registration, but let the software itself lead the user through the registration process afterwards.
Through that process, after the user is authentificated, the token is downloaded in form of a license file. If you want to let the user install the software on a second machine without a new authentification, allow the license file to be copied to the other machine. You wrote "user should not be asked to enter the token" - but actually, where is the difference for the user if he has to copy a VBS file to a second machine, or if he has to copy a license file?
Note that this does not prevent your user to give away the software together with the license file to another person, but since your own approach does not prevent that either, I guess you are not after a solution for that problem.
A different approach is not to use VBS, but generate a personalized downloader in form of an exe file (it is not too hard to provide a C or C++ source code which is personalized by modifiying just one small code file and then compiled on-the-fly by your web server). At least this prohibits modifications by the average user with a simple text editor like Notepad, which would be possible for a VBS downloader. And you do not have to teach your users how to run a VB script.
And if you really want to provide personalized installer packages, there is a third option. It is possible to generate or regenerate your MSI packages on-the-fly, so you can replace the personal token file inside an MSI package for each individual download. This SO post contains some information about this, and here is shown how a single file can be replaced inside a compressed MSI. That may be the smoothest solution for your case.