This time I want to briefly talk about source code protection in Business Central SaaS.
As you know, for the PTE, we can download its source code directly on the Extension Management page both in Production and Sandbox. But we cannot download the source code of AppSource. This may be Microsoft’s policy to protect the Partners’ source codes.
About PTE and AppSource Extension:
Per Tenant Extensions (PTE):Customization for each customer (Object ID: 50.000-99.999)
This range is for per tenant/customer customizations. Partners can develop an extension tailored to the individual tenant as the customer needs.
AppSource Extensions: Customization for AppSource (Object ID: 1,000,000-69,999,999, 70.000.000-74.999.999)
Partners can obtain ranges for extension development that runs in Dynamics 365 Business Central in the cloud. This range is only available for extension development and only in Dynamics 365 Business Central. These extensions are obtained as apps from appsource.microsoft.com.
PTE on Extension Management Page: You can click “Download Source”.
After decompressing the downloaded file, you can find the source code.
AppSource Extension: You can not click “Download Source”.
So, is there any way to prevent PTE from being downloaded?
Yes, If you are the developer of the project, or one of the team, you only need to modify one setting in “app.json”.
Let us first look at Microsoft’s description of this setting.
I found its description is wrong, because every time the new project is created, the default set of this setting is not false, but true.
And, It did not explain anything about downloading the source code.
Microsoft Docs link: JSON Files
OK, let us go back to the above project, and repackage it. (New Version: 22.214.171.124)
Reinstall. (Because the demo is in production environment, I used the upload method to install it. If it is in Sandbox, publishing directly from Visual Studio Code is the same.)
At this time, you will find that although it is a PTE, you cannot click “Download Source”.
Business Central 2021 wave 2 (BC19) new features: Richer access control for extension source in cloud environments (‘showMyCode’ -> ‘resourceExposurePolicy’)
‘showMyCode‘ is being deprecated in the versions: ‘8.0’ or greater. This property is being deprecated in favor of ‘resourceExposurePolicy‘. This warning will become an error in a future release.
Hope this will help.