Friday, September 21, 2018

Try casting a magic string passed as a GET variable, to be used in a switch/case statement, to an enum?

This could be a smart way to improve security on something in C# (think Web Forms) that was bad to begin with. Instead of trying to strip sinister characters out of the string to make it safe, why not constrain it to one of only a handful of legitimate shapes?
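A sketch of that idea, added here as an example and not code from the original post. `ReportKind`, `TryParseStrict` and `Handle` are hypothetical names, and the inputs are constructed. It also covers a caveat: `Enum.TryParse` alone accepts numeric strings and comma-separated lists, so the result is checked against the defined names before it reaches the switch.

```csharp
using System;

// Hypothetical set of legitimate values for a "report" GET variable.
public enum ReportKind { Summary, Detail, Export }

public static class QueryEnum
{
    // True only when raw is exactly one defined enum name (case-insensitive).
    public static bool TryParseStrict<TEnum>(string raw, out TEnum value)
        where TEnum : struct
    {
        value = default(TEnum);
        if (string.IsNullOrEmpty(raw)) return false;
        // Enum.TryParse also succeeds for "99" (undefined number), "1" (numeric
        // alias) and "Summary,Export" (list), so parsing alone is not an allowlist.
        TEnum parsed;
        if (!Enum.TryParse(raw, true, out parsed)) return false;
        if (!Enum.IsDefined(typeof(TEnum), parsed)) return false;
        // Reject numeric aliases, lists and padded input: the text must be the name.
        if (!string.Equals(parsed.ToString(), raw, StringComparison.OrdinalIgnoreCase)) return false;
        value = parsed;
        return true;
    }
}

public static class Program
{
    // In Web Forms, raw would come from Request.QueryString["report"] (assumed key).
    static string Handle(string raw)
    {
        ReportKind kind;
        if (!QueryEnum.TryParseStrict(raw, out kind)) return "400 rejected";
        switch (kind)
        {
            case ReportKind.Summary: return "render summary";
            case ReportKind.Detail: return "render detail";
            case ReportKind.Export: return "render export";
            default: return "400 rejected";
        }
    }

    public static void Main()
    {
        // Constructed sample inputs; only the first is accepted.
        var samples = new[] { "detail", "1", "99", "Summary,Export", " detail", "detail; extra", null };
        foreach (var raw in samples)
            Console.WriteLine("{0,-16} -> {1}", raw ?? "(null)", Handle(raw));
    }
}
```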
