How do you properly ensure that a user isn't tampering with querystring values or action URL values? For example, you might have a Delete Comment action on your CommentContro
You cannot easily do this.
I have fond memories of a site that used action URLs to do deletes.
All was good until they started search crawling the intranet.
Oops, goodbye data.
I would recommend a solution whereby you do not use querystrings for anything you do not wish to be edited.
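
As an added illustration (not code from the question or the answer), here is a framework-neutral Python sketch of a delete handler that a crawler following links cannot trigger and that does not trust the comment id it receives. The store, the `session.user` environ key and all function names are assumptions made for the example.

```python
from http import HTTPStatus
from urllib.parse import parse_qs

# Constructed sample data; every name in this block is hypothetical.
COMMENTS = {1: {"owner": "alice"}, 2: {"owner": "bob"}}


def delete_comment(method, raw_id, session_user, store):
    """Decide a delete request and return the HTTP status code."""
    # Crawlers and link prefetchers issue only GET/HEAD, so a destructive
    # action that refuses those verbs cannot be triggered by following links.
    if method != "POST":
        return 405
    if session_user is None:
        return 401
    try:
        comment_id = int(raw_id)
    except (TypeError, ValueError):
        return 400
    comment = store.get(comment_id)
    if comment is None:
        return 404
    # The id is client-supplied and can be changed at will, so ownership is
    # checked against the server-side session, not anything in the request.
    if comment["owner"] != session_user:
        return 403
    del store[comment_id]
    return 204


def app(environ, start_response):
    """Minimal WSGI wrapper around delete_comment()."""
    method = environ["REQUEST_METHOD"]
    raw_id = None
    if method == "POST":
        # Read the id from the form body only; QUERY_STRING is ignored.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(length).decode("utf-8", "replace"))
        raw_id = form.get("id", [None])[0]
    # Assumption: session middleware stored the authenticated user here.
    user = environ.get("session.user")
    status = delete_comment(method, raw_id, user, COMMENTS)
    headers = [("Allow", "POST")] if status == 405 else []
    start_response(f"{status} {HTTPStatus(status).phrase}", headers)
    return []
```

Moving the id into a POST body does not make it tamper-proof; the ownership check against the session is what stops one user from deleting another user's comment.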