Showing posts from October, 2012

How to write a secure MVC application by encrypting the URL

There are lots of ways to write a secure MVC application. In my experience I have come across lots of secure public-facing applications. I want to describe some of the mechanisms I followed.

1- Encrypting the URL parameters and keeping IDs encrypted on the client side

1- Whenever I pass an ID or any other sensitive data into the view, I always make sure it is encrypted. That way, if we are forced to use Html.Hidden or Html.HiddenFor, the hidden fields hold the encrypted values, and if I pass any parameters from the client side in an action link (e.g. edit, create, or navigating between different actions), we can make sure that all the values are encrypted.

When designing the action results, if the action is an HTTP GET I usually encrypt the sensitive data:

    // encrypt() and decrypt() are the author's helpers; their bodies are not shown.
    [HttpGet]
    public ActionResult Display()
    {
        TestModel testModel = new TestModel();
        // Encrypt the identifier before it is sent to the view.
        testModel.id = encrypt(id);
        return View(testModel);
    }

    [HttpPost]
    public ActionResult Display(string id)
    {
        // Decrypt the posted value back into the original Guid.
        Guid d_id = new Guid(decrypt(id));
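The post calls encrypt and decrypt without showing them. The following is an added example, not the post's own code, of one way to write that pair with authenticated encryption, so that a modified token or a token minted for a different user or action is rejected instead of decrypting to a wrong ID. It assumes .NET 8 or later; IdProtector, the context string format and the demo key are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the post): Guid <-> URL-safe AES-256-GCM token.
public sealed class IdProtector(byte[] key)          // key: 32 bytes, kept server-side only
{
    // "context" (for example "user:action") is authenticated but not stored in the
    // token, so a token minted for one user or action is rejected for another.
    public string Encrypt(Guid id, string context)
    {
        byte[] nonce = new byte[12], tag = new byte[16], cipher = new byte[16];
        RandomNumberGenerator.Fill(nonce);           // fresh random nonce per token
        using (var gcm = new AesGcm(key, 16))
            gcm.Encrypt(nonce, id.ToByteArray(), cipher, tag, Encoding.UTF8.GetBytes(context));
        byte[] token = nonce.Concat(tag).Concat(cipher).ToArray();   // 12 + 16 + 16 bytes
        return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns false for malformed, tampered or wrong-context tokens.
    public bool TryDecrypt(string token, string context, out Guid id)
    {
        id = Guid.Empty;
        try
        {
            string b64 = (token ?? "").Replace('-', '+').Replace('_', '/');
            byte[] raw = Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
            if (raw.Length != 44) return false;
            byte[] plain = new byte[16], aad = Encoding.UTF8.GetBytes(context);
            using (var gcm = new AesGcm(key, 16))
                gcm.Decrypt(raw.AsSpan(0, 12), raw.AsSpan(28, 16), raw.AsSpan(12, 16), plain, aad);
            id = new Guid(plain);
            return true;
        }
        catch (Exception e) when (e is FormatException || e is CryptographicException) { return false; }
    }

    public static void Main()   // constructed demo values; load the real key from protected config
    {
        var p = new IdProtector(RandomNumberGenerator.GetBytes(32));
        Guid id = Guid.NewGuid();
        string t = p.Encrypt(id, "alice:Display");
        string forged = t.Substring(0, 30) + (t[30] == 'A' ? 'B' : 'A') + t.Substring(31);
        Console.WriteLine(p.TryDecrypt(t, "alice:Display", out Guid back) && back == id);
        Console.WriteLine(p.TryDecrypt(t, "bob:Display", out _));        // wrong context
        Console.WriteLine(p.TryDecrypt(forged, "alice:Display", out _)); // one character changed
    }
}
```

A token that decrypts successfully only proves it was issued by the server for that context; the POST action still has to check that the current user is allowed to act on the decrypted ID.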