diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index cb9608a3c..8e8a4ec3f 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -125,7 +125,8 @@ class SessionAuthentication(BaseAuthentication):
 if not user or not user.is_active:
 return None
- self.enforce_csrf(request)
+ if not request.csrf_exempt:
+ self.enforce_csrf(request)
 # CSRF passed with authenticated user
 return (user, None)
diff --git a/rest_framework/request.py b/rest_framework/request.py
index aafafcb32..8e9435f6d 100644
--- a/rest_framework/request.py
+++ b/rest_framework/request.py
@@ -81,7 +81,8 @@ def clone_request(request, method):
 parsers=request.parsers,
 authenticators=request.authenticators,
 negotiator=request.negotiator,
- parser_context=request.parser_context)
+ parser_context=request.parser_context,
+ csrf_exempt=request.csrf_exempt)
 ret._data = request._data
 ret._files = request._files
 ret._full_data = request._full_data
@@ -132,7 +133,7 @@ class Request(object):
 """
 def __init__(self, request, parsers=None, authenticators=None,
- negotiator=None, parser_context=None):
+ negotiator=None, parser_context=None, csrf_exempt=False):
 self._request = request
 self.parsers = parsers or ()
 self.authenticators = authenticators or ()
@@ -143,6 +144,7 @@ class Request(object):
 self._full_data = Empty
 self._content_type = Empty
 self._stream = Empty
+ self._csrf_exempt = csrf_exempt
 if self.parser_context is None:
 self.parser_context = {}
@@ -237,6 +239,13 @@ class Request(object):
 self._authenticate()
 return self._authenticator
+ @property
+ def csrf_exempt(self):
+ """
+ Return the _csrf_exempt attribute
+ """
+ return self._csrf_exempt
+
 def _load_data_and_files(self):
 """
 Parses the request content into `self.data`.
diff --git a/rest_framework/views.py b/rest_framework/views.py
index 41d108e53..9a1db447a 100644
--- a/rest_framework/views.py
+++ b/rest_framework/views.py
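Review bot: The new `if not request.csrf_exempt:` guard turns CSRF enforcement for session-authenticated requests into a per-view opt-out, and the hunk neither documents that nor adjusts the comment on the success path, which still reads `# CSRF passed with authenticated user` even when the check was skipped. I would change it to `# CSRF passed, or the view is csrf_exempt, with authenticated user` and add a sentence to the SessionAuthentication docstring (outside this hunk) warning that a view's csrf_exempt flag disables this check entirely, so it must only be set on views that never act on the session cookie. Any truthy value skips the check, and if the flag comes from a view class attribute as the views.py hunk suggests, a base class setting it silently exempts every derived view; a comment here is the cheapest place to state that. The enclosing `authenticate` method starts before the hunk.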
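Review bot: `csrf_exempt=False` is added as a trailing positional parameter of `Request.__init__` without any documentation, and the class docstring whose closing triple quote is the first context line of this hunk does not mention it; because this flag switches off a security check downstream it should be described there, e.g. `csrf_exempt -- when true, SessionAuthentication skips CSRF enforcement for this request; APIView.initialize_request sets it from the view's csrf_exempt attribute.` Since the class is declared as `Request(object)`, presumably for Python 2 compatibility, the parameter cannot be made keyword-only, so the docstring is the only guard against a caller passing it positionally by mistake. The class docstring itself lies outside the hunk.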
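Review bot: The docstring of the new `csrf_exempt` property, `Return the _csrf_exempt attribute`, restates the code and says nothing about what the flag means or that it is security-relevant. I would replace it with `True if the view that created this request opted out of CSRF checks; SessionAuthentication skips enforce_csrf when set.` The property is read-only and the value is fixed at construction, which is the right shape for a flag that disables a check; it is worth stating so nobody adds a setter later. The surrounding Request class starts before the hunk.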
@@ -358,12 +358,15 @@ class APIView(View):
 """
 parser_context = self.get_parser_context(request)
+ csrf_exempt = getattr(self, 'csrf_exempt', False)
+
 return Request(
 request,
 parsers=self.get_parsers(),
 authenticators=self.get_authenticators(),
 negotiator=self.get_content_negotiator(),
- parser_context=parser_context
+ parser_context=parser_context,
+ csrf_exempt=csrf_exempt
 )
 def initial(self, request, *args, **kwargs):
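Review bot: `getattr(self, 'csrf_exempt', False)` reads the attribute from the view instance, so only an explicit `csrf_exempt = True` on the view class enables the bypass; as far as I can tell Django's `@csrf_exempt` decorator sets that flag on the function it wraps, not on a class instance, so decorating the view will not populate this value and a developer expecting the decorator to drive this opt-out will find the check still enforced while one who sets the class attribute gets a bypass Django itself knows nothing about. That asymmetry deserves a comment on the new line, e.g. `# Explicit class-level opt-out of CSRF for SessionAuthentication; Django's @csrf_exempt marks the wrapped function, not the instance`. Since any truthy value disables the check, `csrf_exempt = bool(getattr(self, 'csrf_exempt', False))` would also make the flag's type honest before it is stored on the Request. The enclosing `initialize_request` method starts before the hunk.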