There is a standard method of preventing a CSRF attack by comparing a value in a special cookie (that is posted automatically with each request) and some value that is coming either in form post (from html) or in a header with ajax requests.
Micosoft has a documentation here for Web Api on how to do CSRF prevention using Web Api and code basically generates two values and concatenates them together and then one can send this value with each ajax request and the server will validate.
As far as I can see the validation will check that the token have two parts that are equal to each other and check if it was generated by authenticated user. For anonymous it will only check the first part.
So my question is:
Is this method as secure as comparing token from header with value from cookie or there is some drawbacks to doing it this way?
P.S. Authentication itself is using cookie and is sent with each API request which make it possible to attack with CSRF