In my current MVC application, I am building forms in mostly standard HTML. In my controllers when the user updates a record I am currently passing back a hidden field with IDs relevant to the user, or a selection he has made.
For Example:
<input type="hidden" value=@Model.UserContact.Id name="user.UserContact.Id" />
I am concerned with the security of "hidden" fields. IE, could a savvy user easily intercept/change the hidden field prior to making a post? Is there a better/standard way to prevent this?