My only question is, does it still work in a web farm or multiple Azure web role instances? My meaning is that it's not intended to be used with Web API, whereas the more flexible Anti Forgery. I was just implementing this actual problem in my current project.
