Does HTTPS protect against CSRF attacks?

A general, golden rule would be:

Never trust that the incoming client request is a legitimate one. Always be suspicious and assume that the request could be maliciously forged.

A few specific rules beyond the mentioned OWASP article:

  1. If your data needs authentication/authorization, avoid generic interfaces on the server, like the CRUD interface. Easy to code, difficult to authorize specific requests coming from clients. Instead, offer an SOA-style interface with explicit methods dedicated to specific use cases where you will have direct control over requests and their parameters.

    http://msdn.microsoft.com/en-us/library/ms954638.aspx

  2. Even if the framework provides some control over the request validity (ASP.NET viewstate), check again if the user is authorized to pass the set of incoming parameters.


No, running a page on HTTPS does not protect it from CSRF. The fact that the communication between the browser and server is encrypted has no bearing on CSRF.

I suggest reading the OWASP guidance on preventing CSRF.
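
An added example, not part of either answer above: a server-side handler showing why the HTTPS check alone does not stop a forged request, and the two checks that do (a session-bound CSRF token, then authorization of the submitted parameters). The request dictionary, `handle_transfer`, `issue_csrf_token` and the session/account data are constructed for illustration and stand in for a real framework's request object and storage.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed)

# Constructed sample data: session id -> user, account -> owner.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}
ACCOUNT_OWNER = {"acct-1": "alice", "acct-2": "bob"}


def issue_csrf_token(session_id):
    """Token bound to one session; the server embeds it in forms it renders."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(request):
    """request is a dict with 'scheme', 'cookies' and 'form' (hypothetical shape)."""
    # Transport check: passes for a forged request too, because the victim's
    # browser sends the cross-site request over the same HTTPS connection.
    if request.get("scheme") != "https":
        return 400, "https required"

    # Authentication: the session cookie is attached automatically by the
    # browser, so its presence says nothing about which page sent the form.
    session_id = request["cookies"].get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"

    # CSRF check: only pages rendered by this server for this session carry
    # the token. Compare as bytes in constant time.
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "csrf token missing or invalid"

    # Parameter authorization: a valid token does not mean this user may act
    # on the account named in the form.
    if ACCOUNT_OWNER.get(request["form"].get("from_account")) != user:
        return 403, "not authorized for this account"
    return 200, "transfer accepted"


if __name__ == "__main__":
    forged = {"scheme": "https", "cookies": {"session": "sess-alice"},
              "form": {"from_account": "acct-1"}}
    print(handle_transfer(forged))
```
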