Im trying to create an login to my windows form application so I can filter the users and have a log of the logins etc, if the login is ok it will open the "Main Form".
Im using a webservice, so I send the user/password to the webservice, it authenticate and return if it was suceful or if its failed, everything is working great.
Here is my problem:
People started to use web debuggers to get the server response and then change it, so the login form always get the "User Ok!", then I added encrypted informations using AES encryption, which uses 2 "random keys" to encrypt/decrypt data, but since .NET programs really sucks against decompilers they are getting the method I'm encrypting the data and then creating a fake encrypted response from my server, so cracked again.
Yes, I'm using a code obfuscator, even a paid one, but you know, people always find away to reverse it.
So I need to find a good way to create a system described above, I guess the best way would be like a random encrypt/decrypt way, but not sure if any encryption supports that, I'm creating this question because I've been searching around the internet for a long time and didn't find any good solution for now, and I hope you can help me with that.