Asp.net-mvc – On initial login on local site getting anti-forgery cookie token error, when try second time it is ok

Tags: antiforgerytoken, asp.net-mvc, asp.net-mvc-4, csrf

Please bear in mind that I already put a machine key in both of my projects' web.config files and I already checked that there are no multiple @Html.AntiForgeryToken() calls, as described here. I have two projects developed in Asp.Net 4 which, when deployed locally, give me the following error on the first attempt, and there is no problem the second time. I also deleted the cookies and browsing history, just to make sure, but got the same result.

Internal Server Error

The anti-forgery token could not be decrypted. If this application is
hosted by a Web Farm or cluster, ensure that all machines are running
the same version of ASP.NET Web Pages and that the <machineKey>
configuration specifies explicit encryption and validation keys.
AutoGenerate cannot be used in a cluster.

System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the <machineKey> configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
   at System.Web.Helpers.AntiXsrf.AntiForgeryTokenSerializer.Deserialize(String serializedToken)
   at System.Web.Helpers.AntiXsrf.AntiForgeryTokenStore.GetCookieToken(HttpContextBase httpContext)
   at System.Web.Helpers.AntiXsrf.AntiForgeryWorker.Validate(HttpContextBase httpContext)
   at System.Web.Helpers.AntiForgery.Validate()
   at System.Web.Mvc.ValidateAntiForgeryTokenAttribute.OnAuthorization(AuthorizationContext filterContext)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass1e.<BeginInvokeAction>b__16(AsyncCallback asyncCallback, Object asyncState)

Best Answer

I have a similar problem. I have another virtual directory for webapi under the main application. I checked that there is only one token in the page source and that the same machine key is in both the main app and webapi.
