I keep hearing that I shouldn't be using primary keys in my ASP.NET MVC URL.

For example: /Users/Edit/1243

What is the issue here?

What is the alternative, putting in user names? As you want it to be unique, it seems like the primary key is the cleanest option.

Thoughts?

+5  A: 

I don't see any problem with putting the primary key on the URL (and neither do the creators of Stack Overflow and countless other sites, for that matter). One thing that is often done is to supply the primary key and also supply an SEO- and user-friendly "slug" that is a human-readable title of the data that the identifier links to.

If you intend to identify a resource (in your case, a user account) you will have to supply a unique identifier on the URL. Even if you decide to not use the primary key you must still choose an identifier that cannot change.

Andrew Hare
One potential issue with the identifier + slug approach: if the web app uses only the identifier to look up the resource, the slug can be changed into anything (by anyone) and still point to the same place. Meaning that someone who sees the URL could be misled into thinking it points to something different from what it actually does. For example, http://stackoverflow.com/questions/2087441/how-to-build-a-house is a valid URL for this question on Stack Overflow.
Anders Fjeldstad
A: 

There could be two reasons:
- Security concern
- SEO optimization

Putting usernames seems to be a good alternative.

Bahadir Cambel
A: 

I think you should keep that primary key - otherwise how will you identify your entity?

Two points:

  • SEO - it's better for Google & Co to read text. Why not put ID + name in the URL?
  • Security: But it is a must to check in your BL if the current user has access rights to the requested entity.
Arthur
A: 

There's no real issue with using the primary key, especially if it's an int (GUIDs make for ugly URLs).

An edit is a bad example. What if you had something like

www.example.org/users/1234

That doesn't really tell you much, and if it's a profile page it's awfully counter-intuitive.

The right URL for the right job.

mletterle
+2  A: 

One of the issues with putting (numeric) primary keys in the URL is someone (or some search engine) could start replacing the number with other numbers to see what you've got in your db. Often this isn't a problem, but if...

  • you have a situation where users are only supposed to edit or see their own data
  • you have content in your db that you are "hiding" by not linking to it on your website
  • etc...

...you have to make sure you do permission checking in your Action method to ensure no one sees data they shouldn't. As long as you are doing the proper permission checking on each request - primary keys shouldn't pose a problem.

Bryan
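
The per-request permission check that the answers above call for, as an added example that is not part of the original thread: an ASP.NET MVC 5 controller for the question's `/Users/Edit/1243` route. `UserProfile`, `ProfileStore`, `FindOwned` and the two sample rows are hypothetical, and an `Edit` view is assumed to exist in the project.

```csharp
using System;
using System.Linq;
using System.Web.Mvc;

// Hypothetical model; the two rows below are constructed sample data.
public class UserProfile
{
    public int Id { get; set; }          // primary key, as in /Users/Edit/1243
    public string UserName { get; set; } // login name of the owning account
    public string DisplayName { get; set; }
}

public static class ProfileStore // stand-in for the real data layer
{
    static readonly UserProfile[] Rows =
    {
        new UserProfile { Id = 1243, UserName = "alice", DisplayName = "Alice" },
        new UserProfile { Id = 1244, UserName = "bob", DisplayName = "Bob" },
    };
    public static UserProfile Find(int id) { return Rows.FirstOrDefault(r => r.Id == id); }
}

[Authorize] // anonymous requests never reach these actions
public class UsersController : Controller
{
    // Returns the row only when it belongs to the signed-in user. A missing id and
    // someone else's id both yield null, so both end in the same 404 response.
    UserProfile FindOwned(int id)
    {
        var profile = ProfileStore.Find(id);
        bool owner = profile != null && string.Equals(
            profile.UserName, User.Identity.Name, StringComparison.OrdinalIgnoreCase);
        return owner ? profile : null;
    }

    public ActionResult Edit(int id) // GET /Users/Edit/1243
    {
        var profile = FindOwned(id);
        return profile == null ? (ActionResult)HttpNotFound() : View(profile);
    }

    [HttpPost]
    public ActionResult Edit(int id, string displayName)
    {
        var profile = FindOwned(id); // the POST is a separate request, so check again
        if (profile == null) return HttpNotFound();
        profile.DisplayName = displayName;
        return RedirectToAction("Edit", new { id });
    }
}
```

Signed in as `alice`, `/Users/Edit/1243` renders the form, while `/Users/Edit/1244` and `/Users/Edit/9999` both return 404, so changing the number in the URL neither exposes another account nor shows which ids exist.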