If you REALLY want to encrypt the query param, it's very simple: just use any encryptor provided by .NET and then use an attribute or an HttpModule to decrypt the param.

The most important thing is to ALWAYS validate the request. If you can do it as a POST with an anti-forgery token, do it. Then, always check the user credentials to see if that user has access to the protected resource.

It's not hard at all, but you have to take it slowly and handle every scenario you can think of. Use a whitelist approach: only those who meet some conditions are allowed.

One option would be to make your PKs that long with a randomly generated string or a unique identifier (GUID).
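The checks described above (POST with an anti-forgery token, a per-resource access check, a GUID key) combined in one ASP.NET MVC 5 action. This is an added example, not code from the posts above; `Invoice`, `InvoiceStore` and `InvoicesController` are hypothetical names, the in-memory store is constructed for illustration, and a matching `Details` view is assumed to exist.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;

// Hypothetical model and in-memory store, constructed for this example.
public class Invoice
{
    public Guid Id { get; set; }          // random GUID instead of a guessable sequential key
    public string OwnerName { get; set; } // the only user allowed to read this record
    public string Body { get; set; }
}

public static class InvoiceStore
{
    private static readonly Dictionary<Guid, Invoice> Items = new Dictionary<Guid, Invoice>();

    public static Invoice Add(string owner, string body)
    {
        var inv = new Invoice { Id = Guid.NewGuid(), OwnerName = owner, Body = body };
        Items[inv.Id] = inv;
        return inv;
    }
    public static Invoice Find(Guid id)
    {
        Invoice inv;
        return Items.TryGetValue(id, out inv) ? inv : null;
    }
}

[Authorize] // anonymous requests never reach the action
public class InvoicesController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken] // the form must carry the token from @Html.AntiForgeryToken()
    public ActionResult Details(Guid id) // typed as Guid: arbitrary strings are rejected before the action runs
    {
        var invoice = InvoiceStore.Find(id);
        if (invoice == null)
            return HttpNotFound();

        // Allow-list rule: only the owner passes; every other case is refused.
        bool isOwner = string.Equals(invoice.OwnerName, User.Identity.Name,
                                     StringComparison.OrdinalIgnoreCase);
        if (!isOwner)
            return HttpNotFound(); // same response as a missing record, so ids cannot be probed

        return View(invoice);
    }
}
```

The GUID only makes ids hard to guess; the ownership comparison is what actually protects the record, so it stays even if the parameter is also encrypted.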

