diff --git a/src/MusicStore/Controllers/ShoppingCartController.cs b/src/MusicStore/Controllers/ShoppingCartController.cs
index 45e2aaab57..b13bf6867f 100644
--- a/src/MusicStore/Controllers/ShoppingCartController.cs
+++ b/src/MusicStore/Controllers/ShoppingCartController.cs
@@ -2,6 +2,8 @@
 using MusicStore.Models;
 using MusicStore.ViewModels;
 using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.Framework.DependencyInjection;
 
 namespace MusicStore.Controllers
 {
@@ -19,7 +21,7 @@ namespace MusicStore.Controllers
 
         public IActionResult Index()
         {
-            var cart = ShoppingCart.GetCart(db, this.Context);
+            var cart = ShoppingCart.GetCart(db, Context);
 
             // Set up our ViewModel
             var viewModel = new ShoppingCartViewModel
@@ -42,7 +44,7 @@ namespace MusicStore.Controllers
                 .Single(album => album.AlbumId == id);
 
             // Add it to the shopping cart
-            var cart = ShoppingCart.GetCart(db, this.Context);
+            var cart = ShoppingCart.GetCart(db, Context);
 
             cart.AddToCart(addedAlbum);
 
@@ -54,12 +56,30 @@ namespace MusicStore.Controllers
 
         //
         // AJAX: /ShoppingCart/RemoveFromCart/5
-        [HttpPost]
-        public IActionResult RemoveFromCart(int id)
+        public async Task RemoveFromCart(int id)
         {
+            var formParameters = await Context.Request.GetFormAsync();
+            var requestVerification = formParameters["RequestVerificationToken"];
+            string cookieToken = null;
+            string formToken = null;
+
+            if (!string.IsNullOrWhiteSpace(requestVerification))
+            {
+                var tokens = requestVerification.Split(':');
+
+                if (tokens != null && tokens.Length == 2)
+                {
+                    cookieToken = tokens[0];
+                    formToken = tokens[1];
+                }
+            }
+
+            var antiForgery = Context.RequestServices.GetService();
+            antiForgery.Validate(Context, new AntiForgeryTokenSet(formToken, cookieToken));
+
             // Retrieve the current user's shopping cart
-            var cart = ShoppingCart.GetCart(db, this.Context);
+            var cart = ShoppingCart.GetCart(db, Context);
 
             // Get the name of the album to display confirmation
             // TODO [EF] Turn into one query once query of related data is enabled
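Review bot: Removing `[HttpPost]` from RemoveFromCart makes a state-changing action reachable by GET, and the hand-rolled token check does not restore that restriction, since a GET carries no form body for `Context.Request.GetFormAsync()` to read; keep the attribute on the line above `public async Task RemoveFromCart(int id)`, i.e. `[HttpPost]`. The `tokens != null` test is redundant because `Split` never returns null. `Context.RequestServices.GetService();` appears to have lost its type argument in rendering; if that lookup can return null, `antiForgery.Validate(...)` will fail with a NullReferenceException rather than an anti-forgery rejection, so a null check before the call would be safer. A missing or malformed form value leaves both tokens null when `Validate` is called, which is only acceptable if `Validate` rejects null tokens, so a comment such as `// missing/malformed value leaves both tokens null; Validate is expected to reject that` would make the dependency explicit. RemoveFromCart's body continues outside the hunk.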
diff --git a/src/MusicStore/Controllers/StoreManagerController.cs b/src/MusicStore/Controllers/StoreManagerController.cs
index 1f8143f189..938c6cfd0c 100644
--- a/src/MusicStore/Controllers/StoreManagerController.cs
+++ b/src/MusicStore/Controllers/StoreManagerController.cs
@@ -61,6 +61,7 @@ namespace MusicStore.Controllers
 
         // POST: /StoreManager/Create
         [HttpPost]
+        [ValidateAntiForgeryToken]
         public IActionResult Create(Album album)
         {
             if (ModelState.IsValid)
@@ -94,6 +95,7 @@ namespace MusicStore.Controllers
         //
         // POST: /StoreManager/Edit/5
         [HttpPost]
+        [ValidateAntiForgeryToken]
         public IActionResult Edit(Album album)
         {
             if (ModelState.IsValid)
diff --git a/src/MusicStore/Models/ShoppingCart.cs b/src/MusicStore/Models/ShoppingCart.cs
index d15b7ef705..45bd53b0b6 100644
--- a/src/MusicStore/Models/ShoppingCart.cs
+++ b/src/MusicStore/Models/ShoppingCart.cs
@@ -1,8 +1,7 @@
-using Microsoft.AspNet.Http;
-using Microsoft.Data.Entity;
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
+using Microsoft.AspNet.Http;
 
 namespace MusicStore.Models
 {
diff --git a/src/MusicStore/Views/ShoppingCart/Index.cshtml b/src/MusicStore/Views/ShoppingCart/Index.cshtml
index 65d422b527..e1da516312 100644
--- a/src/MusicStore/Views/ShoppingCart/Index.cshtml
+++ b/src/MusicStore/Views/ShoppingCart/Index.cshtml
@@ -1,8 +1,18 @@
 @model MusicStore.ViewModels.ShoppingCartViewModel
+@inject AntiForgery Xsrf
 @{
     ViewBag.Title = "Shopping Cart";
 }
+@functions
+{
+    public string GetAntiXsrfToken()
+    {
+        var tokens = Xsrf.GetTokens(Context, null);
+        return tokens.CookieToken + ":" + tokens.FormToken;
+    }
+}
+
 @section Scripts {
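Review bot: The `[ValidateAntiForgeryToken]` added to Create (and to Edit in the next hunk) will reject every POST unless the matching views emit the token, and nothing in the visible diff changes the Create or Edit views; confirm they already render `@Html.AntiForgeryToken()` inside the form, or add it in the same change. The attribute is applied only to the two actions shown, so any other state-changing POST action in this controller outside these hunks would remain unprotected and is worth checking. A short comment on each action, e.g. `// Token is rendered by the matching view; POSTs without it are rejected`, would tie the controller and view halves together for the next reader. Create's body continues outside the hunk.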