What best C# Anti reverse protection?

[Sheitan]

Which application for C# would you recommend me to make obs with? And there is a key auth system, there are a few files in my project and it pulls them from the resources folder. Does it make sense this way or downloading via webclient? Normally, users pull the applications I mentioned from resources while using them.

[whoknows]

the safest is : 

-user click a button to the app

-open yoursite.com/login in your app > user login manually > after success login download a string that is encrypted (in this string you have the end datetime)

-user somehow click another button in your app and POSTING to yoursite.com/download/test.zip the end datetime (at server you made a validation for the end datetime)

any other has /holes/

[Kurapica]

55 minutes ago, whoknows said:

the safest is : 

-user click a button to the app

-open yoursite.com/login in your app > user login manually > after success login download a string that is encrypted (in this string you have the end datetime)

-user somehow click another button in your app and POSTING to yoursite.com/download/test.zip the end datetime (at server you made a validation for the end datetime)

any other has /holes/

Easiest Replay attacks ...

[whoknows]

dont know will add a cutter per IP.. @ 100 times.. 

[Kurapica]

3 minutes ago, whoknows said:

dont know will add a cutter per IP.. @ 100 times.. 

Replay attacks are not about brute-forcing.

https://en.wikipedia.org/wiki/Replay_attack

[whoknows]

thanks for sharing... BUT come on man.. will be OK!

[jackyjask]

3 hours ago, Kurapica said:

Replay attacks are not about brute-forcing.

Server should return some temporary token that doesn't make sense to replay

the token value should be meaningless

only server should be able to understand it

Each operation with server should convey this token together

Also client should validate server certificate (all the chain)