I’m working with a WPF/C# app where I need to lock out users from accessing a particular feature for some amount of time. Basically, from the time a certain event happens, I want to prevent certain access for the next 24 hours.
The simple case:
- Event happens, save timestamp (using DateTime or similar)
- User tries to access area 15 hours later, compare Now to timestamp… block
- User tries to access area 25 hours later, compare Now to timestamp… allow
All good. However, the user has the ability to change the system time, which royally screws me. They can simply set the system time 24 hours ahead and my app will be none the wiser.
I’m assuming that changing the time in Windows makes its way to the system’s real time clock… so is there any free running timer that is independent of the system clock? One that the user can’t mess with?
Any insight is appreciated.
Environment.TickCount doesn’t change with system time changes but it resets on reboots. One option is an HTTPS secured web service and a certificate policy that does not allow certificate validation failures. Otherwise it would be pretty trivial to spoof the response from the service.
Back when I first started selling software I was very paranoid about piracy and such. Not that I’m suggesting your purposes is the same. But I came to the conclusion that people generally won’t mess with their system time because it screws up so many other things on their computer that it’s not worth the hassle. Naturally different applications will have different integrity requirements but I just thought I’d add this bit.