Protecting my CSS using a location tag in web.config

[GD]

I'd like to prevent users from downloading my CSS file. I thought about
putting a web.config file inside my CSS directory as follows:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>

However, if I browse directly to http://mysite/css/style.css, I can
still download the file.

Am I setting up the web.config correctly? When set up correctly, will
this prevent my aspx pages from accessing my style sheet?

Thanks!

 

[Guest]

GD,
If somebody really wants your css file, they are just going to get it out of
their browser's cache. There is css all over the place. I just don't think
its a valid concern.
Peter

 

[darrel]

I'd like to prevent users from downloading my CSS file.

That defeats the purpose of using a CSS file. By it's very nature it HAS to
be downloaded for the browser to use it.

Am I setting up the web.config correctly? When set up correctly, will
this prevent my aspx pages from accessing my style sheet?

web.config only applies to .aspx pages. .css is handled directly by IIS.

You could, if you wanted to, just rename your css page as aspx and be sure
to send the proper header.

However, it will STILL be downloaded by the browser, so it doesn't make that
much sense to bother with this. How proprietary is your CSS file anyways?

-Darrel

 

[GD]

Thanks guys,
It's a client request ... I agree that it's pretty lame ... Seems like
more effort than is worth

 

[darrel]

It's a client request ... I agree that it's pretty lame ... Seems like

more effort than is worth

Definitely. This sounds like a 'client education' solution. ;o)

-Darrel