ValidateAngularAntiForgeryTokenAttribute - An MVC authorization filter (FilterAttribute + IAuthorizationFilter) that performs ASP.NET anti-forgery (XSRF) validation for requests sent by Angular: it reads the cookie half of the token pair from the AntiForgeryConfig.CookieName cookie and the form half from the X-XSRF-TOKEN request header instead of a hidden form field. EnsureXsrfCookie (named AngularAntiForgeryToken in the listing below) - An HtmlHelper extension that ensures a script-readable XSRF-TOKEN cookie carrying the form half of the token pair is set, so Angular can copy it into the X-XSRF-TOKEN header that ASP.NET then validates. This relies on the System.Web.Helpers.AntiForgery GetTokens/Validate API, which as far as I recall requires ASP.NET 4 or later.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Example using AngularAntiForgeryToken in _Layout.cshtml</title>
</head>
<body>
@RenderBody()
@* Issues the anti-forgery cookie pair for this response: the HttpOnly cookie named by
   AntiForgeryConfig.CookieName and the script-readable XSRF-TOKEN cookie that Angular copies
   into its X-XSRF-TOKEN header. The helper returns null, so it renders no markup. Keeping it in
   the layout means every server-rendered page (re)issues the cookies before Angular starts
   making requests. It writes response cookies, so it has to run before the response is
   flushed (a Razor comment is used here so nothing extra is sent to the client). *@
@Html.AngularAntiForgeryToken()
</body>
</html>
using System.Web.Helpers;
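namespace System.Web.Mvc
{
    /// <summary>
    /// HtmlHelper extensions that expose the ASP.NET anti-forgery token pair in the shape an Angular
    /// client expects (a readable cookie rather than a hidden form field).
    /// </summary>
    public static class HtmlExtensions
    {
        // Cookie that Angular reads to populate its X-XSRF-TOKEN request header.
        private const string XsrfTokenCookieName = "XSRF-TOKEN";

        /// <summary>
        /// Ensures both halves of the anti-forgery token are available to an Angular client:
        /// the cookie half in the <see cref="AntiForgeryConfig.CookieName"/> cookie (HttpOnly) and the
        /// form half in a script-readable <c>XSRF-TOKEN</c> cookie, from which Angular builds the
        /// <c>X-XSRF-TOKEN</c> header that <c>ValidateAngularAntiForgeryTokenAttribute</c> validates.
        /// Renders no markup; call it once per page, e.g. from <c>_Layout.cshtml</c>.
        /// </summary>
        /// <param name="html">The view's <see cref="HtmlHelper"/>; its HttpContext supplies the request cookies and the response.</param>
        /// <returns>Always <c>null</c>, so <c>@Html.AngularAntiForgeryToken()</c> emits nothing.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="html"/> is null.</exception>
        public static IHtmlString AngularAntiForgeryToken(this HtmlHelper html)
        {
            if (html == null)
            {
                throw new ArgumentNullException("html");
            }

            // Use the view's context rather than HttpContext.Current so the helper is testable
            // and follows the context the view is actually rendering into.
            var context = html.ViewContext.HttpContext;
            var request = context.Request;
            var response = context.Response;

            var existingCookie = request.Cookies.Get(AntiForgeryConfig.CookieName);
            var oldCookieToken = existingCookie != null && !string.IsNullOrEmpty(existingCookie.Value)
                ? existingCookie.Value
                : null;

            // GetTokens leaves newCookieToken null when oldCookieToken is still usable and otherwise
            // mints a replacement; formToken is produced on every call, matched to whichever cookie
            // token is in effect.
            string newCookieToken, formToken;
            AntiForgery.GetTokens(oldCookieToken, out newCookieToken, out formToken);

            if (newCookieToken != null)
            {
                // Cookie half was missing or invalid: (re)issue it. HttpOnly keeps it away from script;
                // Secure follows the application-wide RequireSsl setting.
                response.SetCookie(new HttpCookie(AntiForgeryConfig.CookieName, newCookieToken)
                {
                    HttpOnly = true,
                    Secure = AntiForgeryConfig.RequireSsl
                });
            }

            // Always (re)issue the form half. Previously it was only written when the cookie half changed
            // or XSRF-TOKEN was absent, so a stale form token could survive in the browser while the cookie
            // half stayed valid. NOTE(review): per the System.Web.Helpers.AntiForgery documentation the
            // form token is also bound to the current user identity, so a token minted before login is
            // rejected by AntiForgery.Validate afterwards — refreshing it on every render avoids that.
            // This cookie must stay readable by script (HttpOnly = false), but it should not travel over
            // plain HTTP when RequireSsl is on; the Secure flag was missing from it before.
            response.SetCookie(new HttpCookie(XsrfTokenCookieName, formToken)
            {
                HttpOnly = false,
                Secure = AntiForgeryConfig.RequireSsl
            });

            // Returning null (rather than an empty MvcHtmlString) is kept for compatibility with callers
            // that compare against null; Razor renders null as nothing.
            return null;
        }
    }
}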
using System.Web.Helpers;
namespace System.Web.Mvc
{
    /// <summary>
    /// Authorization filter that performs ASP.NET anti-forgery (XSRF) validation for requests issued by
    /// an Angular client. The cookie half of the token pair is read from the
    /// <see cref="AntiForgeryConfig.CookieName"/> cookie; the form half is read from the
    /// <c>X-XSRF-TOKEN</c> request header (which Angular fills from the <c>XSRF-TOKEN</c> cookie)
    /// instead of from a hidden form field.
    /// </summary>
    /// <remarks>
    /// Validation itself is delegated to <see cref="AntiForgery.Validate(string, string)"/>, which is
    /// expected to throw when either half is missing or the pair does not match. The filter does not
    /// inspect the HTTP method, so it validates every request of any action or controller it is applied
    /// to; apply it to state-changing actions rather than to read-only endpoints.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
    public class ValidateAngularAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
    {
        // Request header Angular uses to carry the form half of the token pair.
        private const string XsrfHeaderName = "X-XSRF-TOKEN";

        /// <summary>
        /// Validator invoked as (cookieToken, formToken). Defaults to
        /// <see cref="AntiForgery.Validate(string, string)"/>; the internal constructor lets tests substitute it.
        /// </summary>
        internal Action<string, string> ValidateAction { get; private set; }

        /// <summary>Creates a filter that validates with <see cref="AntiForgery.Validate(string, string)"/>.</summary>
        public ValidateAngularAntiForgeryTokenAttribute()
            : this(AntiForgery.Validate)
        {
        }

        /// <summary>Creates a filter that validates with the supplied delegate (test seam).</summary>
        /// <param name="validateAction">Receives the cookie token and the header token, in that order.</param>
        internal ValidateAngularAntiForgeryTokenAttribute(Action<string, string> validateAction)
        {
            ValidateAction = validateAction;
        }

        /// <summary>
        /// Reads both token halves from the request and hands them to <see cref="ValidateAction"/>.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context for the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            var request = filterContext.HttpContext.Request;
            var cookieHalf = ReadCookie(request, AntiForgeryConfig.CookieName);
            var headerHalf = request.Headers.Get(XsrfHeaderName);

            // Either half may be null here (absent cookie or header); rejecting that is the validator's job.
            ValidateAction(cookieHalf, headerHalf);
        }

        // Returns the cookie's value, or null when the cookie is absent or empty.
        private static string ReadCookie(HttpRequestBase request, string name)
        {
            var cookie = request.Cookies.Get(name);
            return cookie != null && !string.IsNullOrEmpty(cookie.Value) ? cookie.Value : null;
        }
    }
}