cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Can I remove or disable a plugin from a managed solution?

I'm building a solution that will be sold to other businesses outside AppSource as a managed solution.

I'm planning to add to the solution a custom Plugin for authentication reasons, and I need to ensure that final customers can't tamper with that, like replacing the dll or preventing it from firing. Can a managed solution provide me with that guarantee, or should I look elsewhere?

 

Thank you,
Davide

1 ACCEPTED SOLUTION

Accepted Solutions
GuidoPreite
Super User
Super User

a managed solution will not guarantee that. A user can open Plugin Registration Tool and disable a plugin step also if it comes from a managed solution.

View solution in original post

6 REPLIES 6
GuidoPreite
Super User
Super User

a managed solution will not guarantee that. A user can open Plugin Registration Tool and disable a plugin step also if it comes from a managed solution.

Anonymous
Not applicable

Thank you very much @GuidoPreite!

That’s unfortunate because all the solution I had in mind required some sort of plug-in to be present to pre-validate transactions.

 

At risk of going out of topic, do you have any recommendations or suggestions regarding billing the customers on a non-user-based metric?

 

Thanks!

GuidoPreite
Super User
Super User

user o non-user based metric, the checks should be done inside logic done outside a plugin (for example in Azure).

Let's assume your solution does the sum of two numbers, currently you are doing 2+2=4 inside a Plugin (that can be disabled or disassembled), if you call an Azure function that accepts two numbers and return the value and inside there you check the authentication you did the first step (when the azure logic is called and how the authentication is done that are additional topics)

Anonymous
Not applicable

Sure, I should not rely only on the plug-in. I was planning to do so, but the very fact that the plug-in can be disabled defeat the purpose of it, doesn’t it? Am I missing something? Please note that what I’m referring to is authorization of the internal Dataverse transaction itself..

GuidoPreite
Super User
Super User

The authorization/authentication must be associated to the logic of your solution.

Back to my example, if the solution purpose is to calculate the sum of numbers, when the user disable the plugin (that will contact Azure) the sum will not be calculated so the solution doesn't work at all. If for example you have two plugins in the same message, one for the auth check, the other for the sum, the user can disable just the one with the auth check (or disassemble your plugin to skip the auth check).

Tampering of plugins can be done

Anonymous
Not applicable

Got it! So since my solution is entirely self-contained in Dataverse, and the only purpose of the plug-in would be to authorize the Dataverse transaction itself (I don’t have any specific logic to add or protect), I assume I should search elsewhere.. 😕

 

Thank you for your time! 🙏

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

Top Solution Authors
Users online (3,240)