Is there a way to ensure ASP.NET MVC 4 forms are protected against CSRF by default?
For instance, is there a way to have AntiForgeryToken automatically
I have used FxCop to write two code analysis rules: one that requires that an HttpMethod attribute is applied to all controller actions, and a second that requires that any action that has an HttpPost attribute must also have a RequiresAntiForgeryToken attribute.
This worked well for us. The rules are not particularly hard to write
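The two rules described in the answer above can also be checked with reflection from a test or build step. The following is an added example, not the answerer's FxCop rules. It assumes a reference to System.Web.Mvc, looks for MVC's ValidateAntiForgeryTokenAttribute on the action or its controller, and goes slightly beyond the answer by also treating [AcceptVerbs] with POST as a POST action; SampleController, CsrfAudit and FindViolations are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc; // needs a reference to System.Web.Mvc (ASP.NET MVC 4)
// Constructed sample controller: Index and Delete each break one rule.
public class SampleController : Controller
{
    public ActionResult Index() { return new EmptyResult(); }             // no HTTP method attribute
    [HttpPost] public ActionResult Delete() { return new EmptyResult(); } // POST without token check
    [HttpPost, ValidateAntiForgeryToken] public ActionResult Save() { return new EmptyResult(); } // passes
}

public static class CsrfAudit
{
    public static List<string> FindViolations(Assembly assembly)
    {
        var violations = new List<string>();
        foreach (var c in assembly.GetTypes().Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t)))
        {
            // Same test MVC applies when it picks action methods, minus [NonAction] ones.
            var actions = c.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                    && !m.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller))
                    && !m.IsDefined(typeof(NonActionAttribute), true));
            foreach (var m in actions)
            {
                // Rule 1: every action declares the HTTP methods it accepts.
                if (!m.IsDefined(typeof(ActionMethodSelectorAttribute), true))
                    violations.Add(c.Name + "." + m.Name + ": no HTTP method attribute");
                // Rule 2: POST actions validate the anti-forgery token (on the action or its controller).
                bool isPost = m.IsDefined(typeof(HttpPostAttribute), true)
                    || m.GetCustomAttributes(typeof(AcceptVerbsAttribute), true).Cast<AcceptVerbsAttribute>()
                        .Any(a => a.Verbs.Contains("POST", StringComparer.OrdinalIgnoreCase));
                bool validated = m.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true)
                    || c.IsDefined(typeof(ValidateAntiForgeryTokenAttribute), true);
                if (isPost && !validated)
                    violations.Add(c.Name + "." + m.Name + ": POST without [ValidateAntiForgeryToken]");
            }
        }
        return violations;
    }
    public static int Main()
    {
        var violations = FindViolations(Assembly.GetExecutingAssembly());
        violations.ForEach(Console.WriteLine);
        return violations.Count == 0 ? 0 : 1; // non-zero exit lets a build step fail
    }
}
```

Run against the constructed SampleController, this reports Index for the first rule and Delete for the second, and accepts Save.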