Cross-Site Request Forgery (CSRF) mainly occurs when user logs in vulnerable site and then user visit the malicious site in the another tab of browser. Malicious site may contain some code which can call actions/methods from vulnerable site.
For example:

1. User logs in www.vulnerablesite.com using credentials.
2. User gets authorize using form authenticaion and set cookies to browser.
3. Now, if user visits mailicious site i.e. www.mailicioussite.com which contains following code:

   <form action="http://vulnerablesite.com/transaction" method="post">
   	<input type="hidden" name="accountnumber" values="xxxxxxxxxxxx" />
   	<input type="hidden" name="amount" values="100000" />
   	<input type="submit" value="click me" />
   </form>

   The CSRF part is the form action posts to vulnerable site instead of malicious site.

4. After pressing "click me" button by user, the browser will add authenticaion cookie with the request.

5. This request will be authenticated on server with the user authenticaion context and can do anything that authenticated user is allowed to do.

To prevent CSRF attacks, ASP.NET uses anti-forgery tokens which is also called as "request validation token".
In this approach, the client request a HTML pages which cont a form. The server includes two token in the response. One token sent as a "Cookie" and the other is placed in a hidden form field. When the client submits the form, both tokens send back to server. If a request does not include both tokens, the server deny the request.