Ah yes, XSRF.
So the basics are we need to ensure that the content of a POST request is coming from our site and has not been intercepted by a ne’er-do-well.
In ASP.Net MVC it’s pretty straighforward. In your Razor file, just add an
Html.AntiForgeryToken() into the form in question and then, on the action, add a
[ValidateAntiForgeryToken] filter and all is well.