There are many ways to implement something like this, but here's one that shouldn't be too hard to do:
You need a publicly-available website somewhere that hosts a file containing the hashes of license keys that have been blacklisted. How you manage this file is up to you, but the file itself need only have a hash per line.
Then, on a recurring basis, your software initiates a download of this file (most server-side languages provide for this) and then searches it for the hash of the installed license key. If it is found, then the application knows that it should die until the blacklist is removed.
MD5 or similar plus a secret should be sufficient for this. You could get fancier and have the application send the request to your site and you look it up in a database on the fly, but the file (for what I'm assuming would hopefully be a short list) would hopefully remain small and may be the easiest way.
The harder part is going to be keeping the application dead. After all, you've got to store this somewhere internally, which means if it is overly obvious it could be easily subverted, and even if it isn't overly obvious, it can be easily reverted by restoring the appropriate table(s)/file(s). Therefore I suggest a second method of protection as well.
This method would store "LIVE" or "DEAD" (or something sufficiently similar) in a table or a file, but again HASHed. This needs to be hashed with your salt AND a timestamp. Everytime a page on your application runs, check this value with a hashed version of "LIVE"+salt+timestamp and then permit for a valid range of timestamps (for example, one day, two days, one week, one month, etc. Keep in mind the larger the range the harder performance will take a hit.). As long as things match (or a match is found), the app is alive; otherwise, even if the value in the special file or table is "LIVE", it will still be dead if there is attempt to restore from backup because the timestamp will fall outside your threshold.
In summary (this does assume that you have some programatic method of checking the validity of a license key, such as some sort of checksum or other method):
- CheckBlacklist
- Convert License Key to hash with salt
- Request blacklist file from server
- Is my hash in the file?
- If YES, then store hash of "DEAD" + salt + timestamp (truncated to day; no need to store hours+days+minutes)
- If NO, then store hash of "LIVE" + salt + timestamp (trunc'd)
- IsKeyAlive
- Create hash from "LIVE" + salt + trunc'd timestamp
- Load DeadAlive hash
- Do they agree?
- If YES, then we're alive; return TRUE.
- If NO, then we're possibly dead, but we may still be within our timestamp window:
- Subtract a day from the timestamp and repeat hash.
- Do we agree now?
- YES? Return TRUE
- Add a day to the timestamp and repeat hash
- Do we agree now?
- YES? Return TRUE
- At this point, we're out of the timestamp range with no match. Return FALSE.
(Kill app)
Now, goodness knows there's a million and one ways this can fail. Consider all the possible ways and build a reliable system (including one that assumes the client is right if the blacklist file can't be downloaded). Test, test, test it, and then test some more before deploying, because if it goes wrong, you'll have lost your client's trust.
The commercial software would need to include the copyright notice for the work it has used. It doesn't mean the entire commercial work is then licensed under the MIT license.
For example, I would expect to see the copyright notice for the commercial software, with the following wording added:
This software includes the Yannbane Awesome Library:
Copyright (C) 2012 Yannbane
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
So by including the license, they are letting people know what terms the "Yannbane Awesome Library" is licensed under - as it is different to the terms of the wider commercial application.
Best Answer
You are not authorized to distribute (as well as sell, decompile, etc.) Visual Studio itself. This doesn't apply to applications you create with Visual Studio. Those can be licensed under very permissive licenses, like Microsoft Public License (MS-PL), BSD, etc.
The same is true for ASP.NET (note that .NET Framework source code is available from Microsoft publicly, but is copyrighted).
ASP.NET MVC is licensed under Apache License 2.0, so it's a different stuff.
Politics.
If you want a more serious answer:
PHP is said free because you can easily setup a free LAMP stack without paying anything to anyone,
ASP.NET (because you're talking about ASP.NET, not ASP, are you?) reasonably requires Windows, which is a copyrighted, closed-source application. Proponents of Microsoft would say that Mono exists, but there are no well-known cases of easy industrial-scale deployment of web applications with Mono on Linux.
Free, here, is not about licenses, but about how much do you pay for software in order to deploy a web application to a server. This doesn't take in account neither the cost of hardware, nor the salary of a DBA.