Security with QueryString values in Asp.net MVC

Question

How do you properly ensure that a user isnt tampering with querystring values or action url values? For example, you might have a Delete Comment action on your CommentContro

Answer 1

I've done funky things take the querystring, compress it, Base64 or just hex encode it, so that "commentid=4&userid=12345" becomes "code=1a2b23de12769"

It's basically "Security through obscurity" but it does make a lot of work for someone trying to hack the site.