How to pass the anti-forgery token an action method with the HttpDelete attribute in ASP.NET MVC?

Question

Is this even possible?

Code looks like this ...

[Transaction]
[ValidateAntiForgeryToken]
[HttpDelete]
public ActionResult Delete(int id) { ...}

Answer 1

You could add the following helper to the form:

<%= Html.HttpMethodOverride(HttpVerbs.Delete) %>

This will include a hidden field which will instruct the framework to invoke the proper controller action. Now there are two possibilities:

1. Normal html form submit: only POST is supported so this is what will be used but thanks to the hidden field the proper controller action will be invoked
2. AJAX: you could use any verb you want including DELETE to serialize the form input values and send them - no problem here.