Security with QueryString values in Asp.net MVC

Question

How do you properly ensure that a user isnt tampering with querystring values or action url values? For example, you might have a Delete Comment action on your CommentContro

Answer 1

Enrypting and decrypting query params is a trivial process and there are some great examples of how to do so using an HttpModule here on StackOverflow.

"You Don't", "You can't", or "It's not easy" are simply not acceptable responses in this day and age...