Question

Secure a Web API

You are building a Web API to be used by third-party websites, and you want to reach as many users as possible. You want to protect your service from XSRF attacks. Which requirement do you state for your third parties?

	Use Windows Authentication.
	Require them to include both a cookie and a form value with a unique token.
	Force them to use ASP.NET MVC so you can easily authenticate requests.
	Use the ValidateAntiForgeryToken attribute on your Web API service.