antiforgerytoken

I'm making JSON-based AJAX requests and, with MVC controllers have been very grateful to Phil Haack for his Preventing CSRF with AJAX and, Johan Driessen's Updated Anti-XSRF for MVC 4 RC . But, as I transition API-centric controllers to Web API, I'm hitting issues where the functionality between the two approaches is markedly different and I'm unable to transition the CSRF code. ScottS raised a similar question recently which was answered by Darin Dimitrov. Darin's solution involves implementing an authorization filter which calls AntiForgery.Validate. Unfortunately, this code does not work

We have some existing MVC web services that are called AJAX style from web pages. These services make use of the ValidateAntiForgeryToken attribute to help prevent request forgeries. We are looking to migrate these services to Web API, but there appears to be no equivalent anti-forgery functionality. Am I missing something? Is there a different approach to addressing request forgeries with Web API? You could implement such authorization attribute: [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)] public sealed class

I have a form post that consistently gives me an anti-forgery token error. Here is my form: @using (Html.BeginForm()) { @Html.AntiForgeryToken() @Html.EditorFor(m => m.Email) @Html.EditorFor(m => m.Birthday) <p> <input type="submit" id="Go" value="Go" /> </p> } Here is my action method: [HttpPost] [ValidateAntiForgeryToken] public ActionResult Join(JoinViewModel model) { //a bunch of stuff here but it doesn't matter because it's not making it here } Here is the machineKey in web.config: <system.web> <machineKey validationKey="mykey" decryptionKey="myotherkey" validation="SHA1" decryption="AES"