In my last couple of projects we have used a combination of MVC, AngularJS and Web API. We have used MVC Bundling and minification, MVC layout file to provide a master page and authorization on page level. Each of our pages has been implemented using AngularJS. The applications has been implemented as a collection of SPA applications. MVC is delivering the skeleton of each page/SPA while AngularJS is used to provide dynamic features within each page. In this post I will go into the details on how we are combining MVC and AngularJS to implement Anti-Forgery tokens used to secure our Web API against Cross-Site Request Forgery (CSRF) Attacks.