I'm building a solution that will be sold to other businesses outside AppSource as a managed solution.
I'm planning to add to the solution a custom Plugin for authentication reasons, and I need to ensure that final customers can't tamper with that, like replacing the dll or preventing it from firing. Can a managed solution provide me with that guarantee, or should I look elsewhere?
Thank you very much @GuidoPreite!
That’s unfortunate because all the solutions I had in mind required some sort of plug-in to be present to pre-validate transactions.
At risk of going off topic, do you have any recommendations or suggestions regarding billing the customers on a non-user-based metric?
User or non-user based metric, the checks should be done inside logic done outside a plugin (for example in Azure).
Let's assume your solution does the sum of two numbers. Currently you are doing 2+2=4 inside a Plugin (that can be disabled or disassembled). If you call an Azure function that accepts two numbers and returns the value, and inside there you check the authentication, you did the first step (when the Azure logic is called and how the authentication is done are additional topics).
Sure, I should not rely only on the plug-in. I was planning to do so, but the very fact that the plug-in can be disabled defeats the purpose of it, doesn’t it? Am I missing something? Please note that what I’m referring to is authorization of the internal Dataverse transaction itself.
The authorization/authentication must be associated with the logic of your solution.
Back to my example, if the solution's purpose is to calculate the sum of numbers, when the user disables the plugin (that will contact Azure) the sum will not be calculated, so the solution doesn't work at all. If, for example, you have two plugins in the same message, one for the auth check, the other for the sum, the user can disable just the one with the auth check (or disassemble your plugin to skip the auth check).
Tampering of plugins can be done
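The design point made in this answer, as an added sketch that is not part of the original thread: a plain-Python simulation (no Dataverse or Azure SDK calls) of a step pipeline whose steps the customer's admin can disable, comparing the split auth/sum design with a vendor-hosted function that checks and computes together. The HMAC token scheme, `VENDOR_KEY` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample key; in the scenario above it would exist only inside the vendor's service.
VENDOR_KEY = b"constructed-demo-key"

def issue_token(customer_id: str) -> str:
    """Vendor side: sign a customer id (hypothetical licensing scheme)."""
    return hmac.new(VENDOR_KEY, customer_id.encode(), hashlib.sha256).hexdigest()

def remote_sum(customer_id: str, token: str, a: int, b: int) -> int:
    """Stand-in for the vendor-hosted function: the check and the logic are inseparable."""
    if not hmac.compare_digest(issue_token(customer_id), token):
        raise PermissionError("unlicensed caller")
    return a + b

# Customer-side steps (stand-ins for plugin steps). Each takes and returns a context dict.
def auth_step(ctx):
    # Split design: the check lives in its own step, so it can be switched off alone.
    if not ctx.get("licensed"):
        raise PermissionError("unlicensed caller")
    return ctx

def local_sum_step(ctx):
    # Split design: the valuable logic runs locally and never sees the check.
    ctx["result"] = ctx["a"] + ctx["b"]
    return ctx

def remote_sum_step(ctx):
    # Combined design: the only way to get a result is through the remote check.
    ctx["result"] = remote_sum(ctx["customer"], ctx["token"], ctx["a"], ctx["b"])
    return ctx

def run_pipeline(steps, disabled, ctx):
    """Run the registered steps, skipping any that the environment admin has disabled."""
    ctx = dict(ctx)
    for step in steps:
        if step.__name__ not in disabled:
            ctx = step(ctx)
    return ctx.get("result")  # None when no step produced a result
```

With the split design, disabling `auth_step` still yields a sum for an unlicensed context; with `remote_sum_step`, disabling the step yields no result and a bad token is rejected by the service.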
Got it! So since my solution is entirely self-contained in Dataverse, and the only purpose of the plug-in would be to authorize the Dataverse transaction itself (I don’t have any specific logic to add or protect), I assume I should search elsewhere.. 😕
Thank you for your time! 🙏