This is a variation on an existing question in SO about securing/obfuscating .Net applications in general.
I'm developing an API in C# that includes some algorithms I'm keen to protect. I understand no method will be perfect, but what's the generally accepted method for doing this?
I'd like my clients to be able to code against the API but I don't want them to reverse engineer what's inside (at least I don't want to make it easy for them).
If I obfuscate the code, won't that also obfuscate the API?
We're looking at smartAssembly any thoughts comments on the product would be appreciated.
You mentioned smartAssembly. There is also Dotnetreactor, Dotfuscator and an open source obfuscator: sharpobfuscator.
A good code obfuscator will take a lis tof exceptions to not obfuscate and IN GENERAL have a switch to ONLY obfuscate implementation details and not touch the public API (classes, properties etc.). So, if you coded right (facade public, all implementation details non-public) it should do a good job.
Obfuscate it. Obfuscation tools don't obfuscate the public API as that would break external code that depends on it.
This may not be an option for you, but consider protecting the algorithms by never handing them out. Can you provide the processing through a webservice, .asmx or WCF?
AFAIK, there is no absolutely perfect way to protect your code but obfuscation and encryption can make it more difficult than it's worth to reverse-engineer.