C# Web API & Android app - Error anti-forgery token could not be decrypted on POST with Cookie

Question

Ok, continuing from my previous question, where I stated that adding a Cookie to an Android HttpPost isn't that hard: It is hard(er than I thought)..

I use the following HttpPost method in my Android app:

@Override
protected String doInBackground(String... urls){
    String response = "";
    for(String url : urls){
        HttpPost post = new HttpPost(url);
        try{
            URL u = new URL(url);
            String baseUrl = u.getProtocol() + "://" + u.getHost();

            // POST-request requires anti-forgery Cookie
            CookieManager cookieManager = CookieManager.getInstance();
            String cookie = cookieManager.getCookie(baseUrl);
            post.setHeader("Cookie", cookie);

            // POST-request requires cookieToken, provider and returnUrl
            String[] cookieStrings = cookie.split("=");
            List<NameValuePair> nvPairs = new ArrayList<NameValuePair>(3);
            nvPairs.add(new BasicNameValuePair(cookieStrings[0], cookieStrings[1]));
            nvPairs.add(new BasicNameValuePair("provider", "Google"));
            nvPairs.add(new BasicNameValuePair("returnUrl", baseUrl));
            post.setEntity(new UrlEncodedFormEntity(nvPairs));

            HttpResponse execute = client.execute(post);

            // Get the response of the POST-request
            InputStream content = execute.getEntity().getContent();
            BufferedReader buffer = new BufferedReader(new InputStreamReader(content));
            String s = "";
            while((s = buffer.readLine()) != null)
                response += s;
        }
        catch(Exception ex){
            ex.printStackTrace();
        }
    }
    return response;
}

When I debug the response, I'm getting the following error:

The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.

I've Googled this error and found this link. Here they add a machineKey to the C# Web.config. I checked and this machineKey is already present in my C# project of the Web API.

So, reading the error above, I believe it's caused because I'm just running HttpPost and HttpGet requests from the Android App (which is the Web Farm or cluster part? Am I correct in this?

And more importantly, how do I fix this error in Android so I can send my Cookie + CookieToken successfully, so I'm logged in with the POST-request. Cause then I can start using GET-requests that are [Authorized] from the same DefaultHttpClient.

Thanks in advance for the responses.

---

Edit 1:

After reading the answers from this stackoverflow question:

• I don't have more than one @Html.AntiForgeryToken() on one page.
• The machineKey was already added to the Web.config as mentioned before.

Answer 1

Ok, this error is solved.. Turned out I had three cookies instead of one, so with the string-split I had part of the next cookie with the string token. So that's solved now by getting all cookies separately (splitting with ";"), and then splitting the correct cookie with "=" to send it.

After I did that however, if received a next error:

Validation of the provided anti-forgery token failed. The cookie "__RequestVerificationToken" and the form field "__RequestVerificationToken" were swapped.

But at least I can continue again and the error above is solved.