Some areas of my SPA need to be open to all users, and some areas require authentication. In these areas, it's the data loaded via AJAX that I want to protect.
I prefer to pass the antiforgery token in the header. This way it's easy to parse out of the request on the server because it's not intermingled with your form's data.
I then created a custom action filter to check for the antiforgery token.
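An added example of such a filter for ASP.NET MVC 5 (this is not the answerer's own code). It assumes `System.Web.Mvc` and `System.Web.Helpers`, which supply `AntiForgery.Validate`, `AntiForgeryConfig.CookieName` and `HttpAntiForgeryException`; the header name `X-RequestVerificationToken` is an assumption and only has to match whatever the SPA's AJAX layer sends.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;

// Authorization filter that validates the antiforgery token pair when the
// "form" half arrives in a request header instead of a form field.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public sealed class ValidateHeaderAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
{
    // Assumed header name; the client must send the token under the same name.
    public const string HeaderName = "X-RequestVerificationToken";

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");

        HttpRequestBase request = filterContext.HttpContext.Request;

        // Cookie half of the pair, written by @Html.AntiForgeryToken() or AntiForgery.GetTokens().
        HttpCookie cookie = request.Cookies[AntiForgeryConfig.CookieName];
        string cookieToken = cookie != null ? cookie.Value : null;

        // Form half of the pair, read from the header rather than the request body.
        string headerToken = request.Headers[HeaderName];

        try
        {
            // Throws when either half is missing, the pair does not match, or the
            // token was issued for a different user than the current identity.
            AntiForgery.Validate(cookieToken, headerToken);
        }
        catch (HttpAntiForgeryException)
        {
            // Fail closed: short-circuit the pipeline before the action runs.
            filterContext.Result = new HttpStatusCodeResult(
                HttpStatusCode.Forbidden, "Antiforgery token missing or invalid.");
        }
    }
}

// Usage on the AJAX endpoints that need protecting.
public class ProfileController : Controller
{
    [HttpPost]
    [Authorize]
    [ValidateHeaderAntiForgeryToken]
    public JsonResult Save(string displayName)
    {
        // ... persist the change for the authenticated user ...
        return Json(new { ok = true });
    }
}
```

The token pair must be issued after the user logs in (for example by `@Html.AntiForgeryToken()` in the page the SPA boots from, with the SPA copying the hidden input's value into the header on every mutating request), because `AntiForgery.Validate` also checks that the identity embedded in the token matches the current user. Keep the filter on POST/PUT/DELETE endpoints only; GETs that only read data do not need it.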