Storing state in asp.net MVC

Question

I'm building an asp.net MVC 2 app.

I have a list view which lists items based on a parameter. In the database I have a parent and child table, so my list view lists all the child records for where the parent's id matches the value specified in the parameter.

This is my controller and model:

public ActionResult List(int ParentID)
{
    return View(new Models.ChildListModel(ParentID));
}

public class ChildListModel
{
    public int ParentID {get;set;}

    public ManagementUserListModel(int iParentID)
    {
        this.ParentID = iParentID;
        this.Children = DataAccessLayer.ListChildrenForParent(iParentID);
    }

    public List<Child> Children {get;set;}
}

I also have a details and create action for that controller. The details and create view have a "back to list" action, which I want to go back to the list view, and maintain the original ParentID. So far I've been doing this by creating a hidden field called ParentID in the list, edit, create and details views, so that the model's ParentID property will get populated correctly:

<%= Html.HiddenFor(model => model.ParentID) %>

Then in the "Back to List" action in each view I pass the ParentID:

<%=Html.ActionLink("Back to List", "List", new {ParentID = Model.ParentID}) %>

This all works, but I'm not a big fan of storing raw IDs in the html. Are there any better ways to do this? Is there some built in way to encrypt the data (kind of like the standard asp.net viewstate did?) I'm just trying to achieve some sort of tamper resistance, and trying to avoid using session state (TempData, etc) because I don't want to have to handle session timeouts.

Answer 1

You may take a look at this article. You could use the new Html.Serialize extension method in your view which allows you to serialize entire objects and encrypt it:

<%= Html.Serialize("person", Model, SerializationMode.Encrypted) %>

Which serializes the Model into a hidden field and encrypts the value. To get the model back you use the DeserializeAttribute in the controller action to which the form is submitted:

public ActionResult Edit([Deserialize]Person person)  { }

Answer 2

The easiest way would be to keep the parentid in the URL. It will look a bit strange for the Create Action but I still think that this the less troublesome way.

If you keep state, you will alwas have the problem that you can not hit F5 and you can not bookmark the page.

The backlink is a simple ActionLink in this case.

Urls would be:

/YourController/List/YourParentParameterValue

/YourController/Detail/YourParentParameterValue/YourDetailParameterValue

/YourController/Create/YourParentParameterValue