Preventing URL manipulation attacks with MVC?

难免孤独 2021-02-04 12:00

Any good strategies, code snippets etc for preventing URL manipulation?

For example I have this url, http://localhost/profile/edit/5 the id could easily be

4 Answers
  •  难免孤独
    2021-02-04 12:24

    Number 3 is the correct thing to do. Server-Side Security Validation is always what you need, because this is the mechanism that you completely control and can rely on.

    Number 1 is Security by Obscurity, and if someone accidentally posts his URL somewhere (like people often do with Session-IDs when they copy/paste links), your "Security" is broken.

    Number 2 seems like weak security - if you go through the hassle, better implement proper security. That also allows people to bookmark the page.
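
An added example, not part of the original answer or of any MVC framework's API: the server-side validation the answer recommends, applied to the `/profile/edit/5` URL from the question. It is framework-neutral Python, and the session store, profile data and function names are constructed assumptions.

```python
# Added example, framework-neutral; all names and data below are constructed.
PROFILE_OWNER = {4: "alice", 5: "bob"}             # profile id -> owning user
PROFILES = {4: {"bio": "hi"}, 5: {"bio": "hello"}}
SESSIONS = {                                        # token -> identity set at login
    "tok-alice": {"user": "alice", "roles": set()},
    "tok-admin": {"user": "carol", "roles": {"admin"}},
}


def authorize(session_token, raw_id):
    """Return (status, profile_id); profile_id is None unless access is granted."""
    session = SESSIONS.get(session_token)
    if session is None:
        return 401, None
    # The id comes from the URL, so treat it as untrusted and parse strictly.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return 400, None
    profile_id = int(raw_id)
    owner = PROFILE_OWNER.get(profile_id)
    # Decide from the server-side session identity, never from client input.
    if owner is None or (owner != session["user"]
                         and "admin" not in session["roles"]):
        # Same status for "missing" and "not yours" so ids cannot be enumerated.
        return 404, None
    return 200, profile_id


def edit_get(session_token, raw_id):
    """GET /profile/edit/<raw_id>: return the data for the edit form."""
    status, profile_id = authorize(session_token, raw_id)
    return status, (dict(PROFILES[profile_id]) if status == 200 else None)


def edit_post(session_token, raw_id, form):
    """POST /profile/edit/<raw_id>: re-check, because the POST can be sent
    against another id without ever loading the form."""
    status, profile_id = authorize(session_token, raw_id)
    if status == 200:
        PROFILES[profile_id]["bio"] = str(form.get("bio", ""))[:200]
    return status
```

Because the decision depends only on the session identity held on the server, a copied or guessed URL gives another user nothing, and the owner can still bookmark the page.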
