How to check if system date is correct? (to prevent abuse) vb .NET

I am working on 开发者_高级运维a business related program, so I need to know if system date is correct -synced- with remote server. How do you do that in vb .NET winforms?

P.S: In addition, is there any way to raise some event when system clock changed to prevent hacks? I don't want users to change local date after logging in their account.

Thanks in advance.

You will need to verify the clock with an external server and accept it if it is within a certain tolerance. All clocks are wrong by some degree. Usually a webservice on a server somewhere is enough, but there are many free NTP-services. Note however it would take me 5 minutes to bypass that, so for more security you need to use SSL (HTTPS) (makes man-in-the-middle attacks impossible).

Note however:

• You need to compensate correctly for timezones as server and users could have different timezones. Timezone info is sent in ISO 8601 formatted DateTime string, so thats easy enough.
• What is preventing user from disconnecting internet? Do you really want to require internet access to start the app? Someone with a laptop would quickly discover that offline mode makes the app work.
• One technique used by some is to say that if a time in the future (after product has expired) has been spotted by the app then you need to reactivate it. Reactivation requires communication with internet server which can verify the license against a trusted clock.

If you want to know when a user changes the clock simply set up a thread to loop with a 60 second Thread.Sleep(60000). Then check current DateTime against the one 60 seconds ago. It should always be 60 seconds -/+ 1 seconds since last check. (+/- 1 second is to compensate for delays like app hanging slightly as timer is executing, etc)

I threw together a quick example:
EDIT: Sorry, first sample was in C#. Redone it in VB.Net.

Imports System.Threading

Public Class Form1
    Private TimeMonitorThread As Thread

    Private Sub Form1_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load
        TimeMonitorThread = New Thread(TimeMonitorThreadLoop)
        TimeMonitorThread.Name = "TimeMonitorThread"
        TimeMonitorThread.IsBackground = True
        TimeMonitorThread.Start()

    End Sub

    Private Sub TimeMonitorThreadLoop()

        Dim sleepSeconds As Integer = 60
        Dim tolerance As Integer = 1

        While (True)
            Dim before As DateTime = DateTime.Now
            Thread.Sleep(sleepSeconds * 1000)
            Dim after As DateTime = DateTime.Now
            If (Math.Abs(CInt(after.Subtract(before).TotalSeconds) - sleepSeconds) > tolerance) Then
                ' Time has changed!
            End If
        End While
    End Sub

End Class

Just steps in theory.

First, create an asp .net application in your remote server that will provide current date time. To ensure added security, encrypt that current date.

Then in your PC, create a winform application that can access that remote server and get those current time as needed.

Then in your winform application, retrieve current date time. Then just do a comparison between the current time as indicated in remote server and in your winform application.

You can adjust your PC current date time as needed in order to sync with remote server time. In case of business application, you can notify the user or disable the application functions until that user did something as you would like him to do. Example, make a call to your service department or obtain an unlocking key, etc.

In the .net VB code submitted by Tedd Hansen make sure you change line one in Private sub form1_load :-

TimeMonitorThread = New Thread(AddressOf TimeMonitorThreadLoop)

(addressof must be there otherwise you will get an exception)

I had an application that runs on a LAN with SQL server machine on the same LAN. The app won't work without the db server connection so disabling the network will eventually lead to no app usage. The server had been locked out physically so no one will turn on or off the server except without permission or valid authorization (preventing BIOS changes). If anyone has such a case, you can very easily query the database and get the accurate date and time using SELECT GETDATE() and compare it with any variable you want.

In my case, I had to prevent users to enter back-dated data into the system therefore on saving data entry forms, I query the db to compare the current machine's date and server's date for a valid entry.