I chose a different route: I simply placed the licensing information in an encrypted field in the database so that I didn’t have to worry about an Httpmodule. SQL Server has EncryptByKey and DecryptByKey functions that make it quite easy to get/put encrypted data. I also used a simple passphrase key to make the entire process very easy to manage. I appreciate your approach – it is really quite clever – but I think you’ve made life a bit too difficult on yourself!

As far as security goes, this is relatively safe as long as you are not actually providing the source code. The only drawback is the possibility that they’ll disassemble your code in an attempt to extract the passphrase or other encryption technology (this may well be true of your Httpmodule approach as well). This is not something I worry about, however, as I am working mostly with Fortune 500 companies and I have a legal agreement with them that includes a ‘no disassembly’ clause. The vast majority of companies simply won’t take a chance on the legal jeopardy they would incur by doing this just to get some extra features or expand their database. If you are distributing to thousands of otherwise anonymous users, on the other hand, it may be a different story.

Update: if you are not using SQL Server, you could also use some form of code-based encryption to save/retrieve your licensing information. If you need an encryption class, I uploaded a simple but extremely strong AES class for a previous answer.