Obfuscation is one way, but it can't protect from breaking the piracy protection security of the application. How do I make sure that the application is not tampered with, and how do I make sure that the registration mechanism can't be reverse engineered?
Also it is possible to convert a C# application to native code, and Xenocode is too costly.
C# provides lot of features, and is the ideal language for my code, so writing the whole codebase again in C++ is out of the question.
Secure certificates can be easily removed from the signed assemblies in .NET.
Yes. It is true. .NET code is extremely easy to reverse engineer if the code is not obfuscated.
Obfuscation will add a layer of annoyance to people trying to reverse engineer your software. Depending on which version you get, you'll get different levels of protection.
Visual Studio includes a version of Dotfuscator. Since it's a bundled version, you're definitely not getting the strongest obfuscation possible. If you look at their feature lists, you'll see exactly what you're missing (and exactly what the application will do to make your code more secure).
There are a couple of other free or open source .NET obfuscators out there (but I can't comment on the quality or the various methods they use):
In the end, nothing is perfect. If somebody really wants to see how your software works, they will.