Before you spend too much time and energy stopping piracy, make sure you have a clear set of goals for returns on the work that will justify spending the resources.
It's not a simple as it seems - there's a lot of evidence out there to indicate that most pirates just won't buy your product, no matter how good your security is. If they can't crack it, they'll just go somewhere else or do without. That means stopping piracy brings in very little in additional sales. More than that, pirates may even help to spread your software, so locking them out could actually lower your total sales.
So you need to think about why you're stopping pirates in terms of how it gives you or your company a net gain as opposed to just stopping the pirates from having a gain. This isn't a zero-sum situation, and so the way to maximize your own profits often involves allowing the pirates to have their moment as well. A basic obfuscator or naive product key (it doesn't have to be unbreakable) might be fine to catch some of the low-hanging fruit, but it's probably not beneficial to you to go much beyond that.
You might want to read these as well:
How do i prevent my code from being stolen?
Securing a .NET Application
