Question

Secure a Web API

You are building a Web API to be used by third-party websites, and you want to reach as many users as possible. You want to protect your service from XSRF attacks. Which requirement do you state for your third parties?

	Use the ValidateAntiForgeryToken attribute on your Web API service.
	Use Windows Authentication.
	Force them to use ASP.NET MVC so you can easily authenticate requests.
	Require them to include both a cookie and a form value with a unique token.