aspnet
diff --git a/‎src/Microsoft.AspNet.Mvc.TagHelpers/FormTagHelper.cs‎
Lines changed: 51 additions & 28 deletions b/‎src/Microsoft.AspNet.Mvc.TagHelpers/FormTagHelper.cs‎
Lines changed: 51 additions & 28 deletions
diff --git a/‎src/Microsoft.AspNet.Mvc.TagHelpers/Properties/Resources.Designer.cs‎
Lines changed: 4 additions & 4 deletions b/‎src/Microsoft.AspNet.Mvc.TagHelpers/Properties/Resources.Designer.cs‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/Microsoft.AspNet.Mvc.TagHelpers/Resources.resx‎
Lines changed: 1 addition & 1 deletion b/‎src/Microsoft.AspNet.Mvc.TagHelpers/Resources.resx‎
Lines changed: 1 addition & 1 deletion
@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using Microsoft.AspNet.Mvc.Rendering;
 using Microsoft.AspNet.Razor.Runtime.TagHelpers;
@@ -16,7 +17,6 @@ namespace Microsoft.AspNet.Mvc.TagHelpers
     public class FormTagHelper : TagHelper
     {
         private const string RouteAttributePrefix = "route-";
-        private static readonly bool DefaultAntiForgeryBehavior = true;
 
         [Activate]
         private ViewContext ViewContext { get; set; }
@@ -43,7 +43,8 @@ public class FormTagHelper : TagHelper
         public string Method { get; set; }
 
         /// <summary>
-        /// Whether the anti-forgery token should be generated. Defaults to <c>true</c>.
+        /// Whether the anti-forgery token should be generated. Defaults to <c>true</c> if <see cref="Action"/> is not
+        /// a URL, <c>false</c> otherwise.
         /// </summary>
         [HtmlAttributeName("anti-forgery")]
         public bool? AntiForgery { get; set; }
@@ -52,64 +53,86 @@ public class FormTagHelper : TagHelper
         /// <remarks>Does nothing if <see cref="Action"/> contains a '/'.</remarks>
         public override void Process(TagHelperContext context, TagHelperOutput output)
         {
+            bool antiForgeryDefault = true;
+
+            var routeValues = GetRouteValues(output);
+
             // If Action contains a '/' it means the user is attempting to use the FormTagHelper as a normal form.
             if (Action != null && Action.Contains('/'))
             {
-                if (Controller != null)
+                if (Controller != null || routeValues != null)
                 {
                     // We don't know how to generate a form action since a Controller attribute was also provided.
                     throw new InvalidOperationException(
                         Resources.FormatFormTagHelper_CannotDetermineAction(
-                            nameof(FormTagHelper),
+                            "<form>",
                             nameof(Action),
-                            nameof(Controller)));
+                            nameof(Controller),
+                            RouteAttributePrefix));
+                }
+
+                // If the anti-forgery token was not specified then don't assume that it's on (user is using the
+                // FormTagHelper like a normal <form> tag).
+                antiForgeryDefault = false;
+
+                // Restore Action, Method and Route HTML attributes if they were provided, user wants non-TagHelper <form>.
+                output.RestoreBoundHtmlAttribute(nameof(Action), context);
+
+                if (Method != null)
+                {
+                    output.RestoreBoundHtmlAttribute(nameof(Method), context);
                 }
 
-                RestoreBoundHtmlAttributes(context, output);
+                if (routeValues != null)
+                {
+                    foreach(var routeKeys in routeValues.Keys)
+                    {
+                        output.RestoreBoundHtmlAttribute("route-" + routeKeys, context);
+                    }
+                }
             }
             else
             {
-                var prefixedValues = output.PullPrefixedAttributes(RouteAttributePrefix);
-
-                // Generator.GenerateForm does not accept a Dictionary<string, string> for route values.
-                var routeValues = prefixedValues.ToDictionary(
-                    attribute => attribute.Key.Substring(RouteAttributePrefix.Length),
-                    attribute => (object)attribute.Value);
-
                 var tagBuilder = Generator.GenerateForm(ViewContext,
                                                         Action,
                                                         Controller,
                                                         routeValues,
                                                         Method,
                                                         htmlAttributes: null);
 
-                output.Merge(tagBuilder);
+                if (tagBuilder != null)
+                {
+                    // We don't want to do a full merge because we want the TagHelper content to take presedence.
+                    output.MergeAttributes(tagBuilder);
+                }
+            }
 
-                if (AntiForgery ?? DefaultAntiForgeryBehavior)
+            if (AntiForgery ?? antiForgeryDefault)
+            {
+                var antiForgeryTag = Generator.GenerateAntiForgery(ViewContext);
+
+                if (antiForgeryTag != null)
                 {
-                    var antiForgeryTag = Generator.GenerateAntiForgery(ViewContext);
                     output.Content += antiForgeryTag.ToString(TagRenderMode.SelfClosing);
                 }
             }
         }
 
-        // Restores bound HTML attributes when we detect that a user is using the AnchorTagHelper as a normal <a> tag.
-        private void RestoreBoundHtmlAttributes(TagHelperContext context, TagHelperOutput output)
+        // TODO: We will not need this method once https://github.com/aspnet/Razor/issues/89 is completed.
+        private static Dictionary<string, object> GetRouteValues(TagHelperOutput output)
         {
-            if (Action != null)
-            {
-                output.RestoreBoundHtmlAttribute(nameof(Action), context);
-            }
+            var prefixedValues = output.PullPrefixedAttributes(RouteAttributePrefix);
 
-            if (Controller != null)
+            Dictionary<string, object> routeValues = null;
+            if (prefixedValues.Any())
             {
-                output.RestoreBoundHtmlAttribute(nameof(Controller), context);
+                // Generator.GenerateForm does not accept a Dictionary<string, string> for route values.
+                routeValues = prefixedValues.ToDictionary(
+                    attribute => attribute.Key.Substring(RouteAttributePrefix.Length),
+                    attribute => (object)attribute.Value);
             }
 
-            if (Method != null)
-            {
-                output.RestoreBoundHtmlAttribute(nameof(Method), context);
-            }
+            return routeValues;
         }
     }
 }
@@ -118,6 +118,6 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="FormTagHelper_CannotDetermineAction" xml:space="preserve">
-    <value>Cannot determine an {1} for {0}. A {0} with a speicified URL based {1} must not have a {2} attribute.</value>
+    <value>Cannot determine an {1} for {0}. A {0} with a URL-based {1} must not have attributes starting with {3} or a {2} attribute.</value>
   </data>
 </root>