Your problem is not with your Controller-hierarchy, it's because you don't have an AntiForgeryToken in the request (as the error says).
To do so, add the following to your view (inside the form) that posts to the Controller:
@Html.AntiForgeryToken()