Prevent CSRF (or Cross-Site Request Forgery/XSRF) for silverlight enabled WCF Service

The silverlight enabled WCF Service communication is secured using a USB token/smartcard. The first access has to be confirmed by entering a PIN. Once authenticated, a malicious website could start CSRF 开发者_JAVA百科requests to the WCF service using IMG-Tags and/or JavaScript. According to the Security Guidance for Writing and Deploying Silverlight Applications, a usual technique here is to use (session-)tokens or a so called "nonce", while checking the HTTP Referrer header has proven to be insecure.

I understand the idea behind this, to my understanding it works well if you have a single form (i.e. contact form) and a single service where you can ensure that a user has to see and fill out the form before sending. In a Silverlight application, I'm not able to predefine such kind of sequence, many requests (like requesting a price update for a product) can be started in an arbitrary order.

Do you have some advices how I should secure the Silverlight to WCF communication to prevent CSRF attacks, ensuring that an already authenticated caller requests from a trusted site?

One option could be:

1. Provide a service that when called, created a nonce and stores it on the users session on the server, and returns it to the calling application
2. On every request after this one, include the nonce as a URL parameter or in the POSTed body of the request (or within any other type of message you use)
3. Check for this nonce for every request to the server

An attacker could not trick this, because if he called the mentioned service he would get a different token for their own session. And as long as this nonce is not stored in a cookie, it will not be automatically submitted by the browser upon requests to the server. So as long as the attacker cannot guess the nonce (use a cryptographically secure random to generate it), this should work.