According to the article here there are two ways alternative ways to prevent it:
Wrap JSON arrays into an JSON object.
Instead of
["a", "b"]
return{data: ["a", "b"]}
Only response to HTTP POSTs. This is the default behaviour of JsonResult in MVC
I believe that implementing Cross Site Request Forgery (XSRF) Protection would also prevent JSON Vulnerability since XSRF ensures that only you can make the JSON request.
If you still want to implement the recommendation by AngularJS, you must implement your own JsonResult. See the JsonResult source code here: