I'm creating an ASP.NET MVC application that has the concept of users. Each user is able to edit their own profile. For instance:
Maybe you could organize the controller action such that the URL is more like http://localhost/person/editme and it displays the edit form for the currently-logged-in user. That way there's no way a user could hack the URL to edit someone else.
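A sketch of the approach suggested above, added here as an example and not code from the original post: the action takes no id from the URL and resolves the record from the authenticated identity, on both the GET and the POST. `Person`, `EditProfileModel` and `IPersonRepository` are hypothetical types, and constructor injection of the repository is assumed.

```csharp
using System.Web.Mvc;

// Hypothetical types for this example (not from the original post).
public class Person
{
    public int Id { get; set; }
    public string UserName { get; set; }
    public string DisplayName { get; set; }
    public string Email { get; set; }
}

// Form model exposes only the fields a user may change (no Id, no UserName).
public class EditProfileModel
{
    public string DisplayName { get; set; }
    public string Email { get; set; }
}

public interface IPersonRepository
{
    Person FindByUserName(string userName);
    void Save(Person person);
}

[Authorize] // anonymous requests never reach these actions
public class PersonController : Controller
{
    private readonly IPersonRepository _people; // assumed to be injected by a DI container
    public PersonController(IPersonRepository people) { _people = people; }

    // GET /person/editme : no id in the route, so there is nothing to tamper with.
    [HttpGet]
    public ActionResult EditMe()
    {
        Person me = _people.FindByUserName(User.Identity.Name);
        if (me == null) return HttpNotFound();
        return View(new EditProfileModel { DisplayName = me.DisplayName, Email = me.Email });
    }

    // POST /person/editme : the target record again comes from the logged-in identity.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult EditMe(EditProfileModel form)
    {
        Person me = _people.FindByUserName(User.Identity.Name);
        if (me == null) return HttpNotFound();
        if (!ModelState.IsValid) return View(form);

        // Copy only the editable fields; Id and UserName never come from the request.
        me.DisplayName = form.DisplayName;
        me.Email = form.Email;
        _people.Save(me);
        return RedirectToAction("EditMe");
    }
}
```

The POST handler matters as much as the GET: if the form posted back a person id and the server trusted it, changing the URL would be unnecessary because the hidden field could be altered instead.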