Ok, continuing from my previous question, where I stated that adding a Cookie to an Android HttpPost isn't that hard: it is hard(er than I thought).
I use the following HttpPost method in my Android app:
    @Override
    protected String doInBackground(String... urls){
        String response = "";
        for(String url : urls){
            HttpPost post = new HttpPost(url);
            try{
                URL u = new URL(url);
                String baseUrl = u.getProtocol() + "://" + u.getHost();

                // POST-request requires anti-forgery Cookie
                CookieManager cookieManager = CookieManager.getInstance();
                String cookie = cookieManager.getCookie(baseUrl);
                post.setHeader("Cookie", cookie);

                // POST-request requires cookieToken, provider and returnUrl
                String[] cookieStrings = cookie.split("=");
                List<NameValuePair> nvPairs = new ArrayList<NameValuePair>(3);
                nvPairs.add(new BasicNameValuePair(cookieStrings[0], cookieStrings[1]));
                nvPairs.add(new BasicNameValuePair("provider", "Google"));
                nvPairs.add(new BasicNameValuePair("returnUrl", baseUrl));
                post.setEntity(new UrlEncodedFormEntity(nvPairs));

                HttpResponse execute = client.execute(post);

                // Get the response of the POST-request
                InputStream content = execute.getEntity().getContent();
                BufferedReader buffer = new BufferedReader(new InputStreamReader(content));
                String s = "";
                while((s = buffer.readLine()) != null)
                    response += s;
            }
            catch(Exception ex){
                ex.printStackTrace();
            }
        }
        return response;
    }
When I debug the response, I'm getting the following error:
The anti-forgery token could not be decrypted. If this application is
hosted by a Web Farm or cluster, ensure that all machines are running
the same version of ASP.NET Web Pages and that the <machineKey>
configuration specifies explicit encryption and validation keys.
AutoGenerate cannot be used in a cluster.
I've Googled this error and found this link. Here they add a machineKey to the C# Web.config. I checked and this machineKey is already present in my C# project of the Web API.
So, reading the error above, I believe it's caused because I'm just running HttpPost and HttpGet requests from the Android App (which is the Web Farm or cluster part)? Am I correct in this?
And more importantly, how do I fix this error in Android so I can send my Cookie + CookieToken successfully, so I'm logged in with the POST-request. Cause then I can start using GET-requests that are [Authorized] from the same DefaultHttpClient.
Thanks in advance for the responses.
Edit 1:
After reading the answers from this stackoverflow question:
- I don't have more than one @Html.AntiForgeryToken() on one page.
- The machineKey was already added to the Web.config as mentioned before.
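
Added example, not part of the original post: the string returned by CookieManager.getCookie is a Cookie header that can hold several `name=value` pairs separated by `;`, and a value may itself contain `=`, so splitting the whole string on `=` does not reliably yield one name and one value. The sketch below parses the header pair by pair and picks one cookie by name. The class name, the sample header and the cookie name `__RequestVerificationToken` (the ASP.NET MVC default) are assumptions for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class CookieHeaderParser {

    // Assumed cookie name for this example: the default ASP.NET MVC anti-forgery cookie.
    static final String ANTI_FORGERY_COOKIE = "__RequestVerificationToken";

    /** Parses a Cookie header such as "a=1; b=2" into an ordered name -> value map. */
    static Map<String, String> parse(String cookieHeader) {
        Map<String, String> cookies = new LinkedHashMap<String, String>();
        if (cookieHeader == null) {
            return cookies; // CookieManager.getCookie returns null when nothing is stored
        }
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                continue; // skip empty or nameless fragments
            }
            // Split on the first '=' only: the value may contain '=' itself
            String name = pair.substring(0, eq).trim();
            String value = pair.substring(eq + 1).trim();
            cookies.put(name, value);
        }
        return cookies;
    }

    public static void main(String[] args) {
        // Constructed sample header, not taken from the post
        String header = "ASP.NET_SessionId=abc123; "
                + ANTI_FORGERY_COOKIE + "=dGVzdA==; theme=dark";

        Map<String, String> cookies = parse(header);
        String token = cookies.get(ANTI_FORGERY_COOKIE);
        if (token == null) {
            // Fail loudly instead of posting a request with a missing token
            throw new IllegalStateException("anti-forgery cookie not present");
        }
        System.out.println(ANTI_FORGERY_COOKIE + " -> " + token);
    }
}
```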