In my MVC application I have a page for a user editing their account details such as email address, password etc. In my database a User table holds this data and the primary key is UserId.
On the ChangeAccountDetails view I have created I pass a ViewModel with the data the user should be able to modify on their account. I also store the UserId in the ViewModel which is rendered into a hidden field on my actual view. I have a concern that this is not safe for the reason that on POST action to save the changed data, my service layer loads the persisted version of the User account details that have just been changed by the UserId sent back in the ViewModel.
I have used Fiddler to alter the POST request and changed the UserId to the UserId of another User record in my database; this can have serious problems, as someone could potentially change someone else's password and/or other details this way.
Please could someone advise on how I could avoid such a problem when using ViewModels. Is it that using Session in this case is the only way? (I know using Session is best avoided, but what about for this purpose?)
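As an added illustration (not code from the question or from any answer), here is the vulnerable pattern the question describes beside a hardened form in an ASP.NET MVC 5 controller: the record to edit is resolved from the authenticated principal, and the hidden UserId is excluded from model binding so a tampered value is simply ignored. IUserService, UserAccount and the claim lookup are assumptions; on older Forms Authentication you would look up the user by User.Identity.Name instead.

```csharp
using System.Security.Claims;
using System.Web.Mvc;
// Assumed names for the page's service layer and entity (illustration only).
public interface IUserService { UserAccount Load(int userId); void Save(UserAccount a, string newPassword); }
public class UserAccount { public int UserId; public string Email; }

public class ChangeAccountDetailsViewModel
{
    public int UserId { get; set; }        // rendered as a hidden field: attacker-controlled
    public string Email { get; set; }
    public string NewPassword { get; set; }
}

[Authorize]
public class AccountController : Controller
{
    private readonly IUserService _users;
    public AccountController(IUserService users) { _users = users; }

    // VULNERABLE: trusts the UserId posted back in the form. Editing the hidden
    // field (as the question did with Fiddler) updates another user's record.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult ChangeDetailsUnsafe(ChangeAccountDetailsViewModel vm)
    {
        UserAccount account = _users.Load(vm.UserId);   // insecure direct object reference
        account.Email = vm.Email;
        _users.Save(account, vm.NewPassword);
        return RedirectToAction("Index");
    }

    // HARDENED: the record to edit is taken from the authenticated principal,
    // and UserId is excluded from model binding so a posted value is ignored.
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult ChangeDetails([Bind(Exclude = "UserId")] ChangeAccountDetailsViewModel vm)
    {
        UserAccount account = _users.Load(CurrentUserId());
        account.Email = vm.Email;
        _users.Save(account, vm.NewPassword);
        return RedirectToAction("Index");
    }

    // Identity comes from the server-issued auth cookie, never from the form body.
    // Assumes claims-based identity; with Forms Authentication use User.Identity.Name instead.
    private int CurrentUserId()
    {
        var claim = ((ClaimsIdentity)User.Identity).FindFirst(ClaimTypes.NameIdentifier);
        return int.Parse(claim.Value);
    }
}
```

The same principle applies if the view must carry an id for legitimate reasons (for example an admin screen): compare the posted id against the authenticated user's id or role on the server before loading the record, rather than trusting the hidden field.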
I do it through a method of encrypted sessionKey. This encrypted key holds user details such as ID etc. The hidden field for ID is always zero on the form, and this is changed to the ID of my user.UserId.
I have a user model (user) and that model is populated with the decrypted data from the session; that is how I deal with userlevel etc.
my unencrypted string looks like this: userid||email||datetimelogin||users-GUID||Real Name||userlevel
This then gets encrypted with their own private key at 255.
Just a thought, good point though; I guess for most it is quite easy to forget that people could fiddle with the ID.
The idea above by zasz is perfectly valid too, but then you would have to build a view model to account for the extra field of GUID and to account for the missing UserId field.