So the login and security are with sessions in Web Forms, but I want to change it to use Web API and tokens. I'm basically looking to transition to a SPA. The whole site can't be rewritten at once, so it would be great to do it little by little.
I could add Web API to the Web Forms project, or create a new Web API project. (Probably create a new Web API project.)
On the login page I get an OAuth bearer token, and for now keep it in the session. Later, keep it in the JavaScript. What if the token expires before/after the session? That's probably something I'd have to worry about. This is probably my biggest worry.
Then on the content pages, I'd make AJAX calls to Web API and send the bearer token. Then eventually, everything would be HTML/JavaScript.
Then convert the master pages to HTML and load static HTML/JavaScript content pages and add JavaScript routing.
Anyone see anything wrong with this?
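
One way to handle the token-versus-session expiry mismatch raised in the question, as an added example that is not part of the original post. It assumes the token endpoint returns the standard OAuth 2.0 `access_token` and `expires_in` fields and that the page is told when the server session expires; `recordToken`, `nextAction`, `authHeader` and `SKEW_MS` are hypothetical names.

```javascript
// Added example (not from the original post). All names here are hypothetical.
// Treat the token as expired slightly early to absorb clock drift and request latency.
const SKEW_MS = 30 * 1000;

// Build a token record from an OAuth 2.0 token response.
// expires_in is a lifetime in seconds, so convert it to an absolute deadline once.
function recordToken(tokenResponse, nowMs) {
  const expiresIn = Number(tokenResponse.expires_in);
  if (!tokenResponse.access_token || !Number.isFinite(expiresIn) || expiresIn <= 0) {
    throw new Error("token response missing access_token or a valid expires_in");
  }
  return {
    accessToken: tokenResponse.access_token,
    expiresAtMs: nowMs + expiresIn * 1000,
  };
}

// Decide what a hybrid page should do before an AJAX call to the API.
// sessionExpiresAtMs is assumed to be supplied by the server-rendered page.
function nextAction(token, sessionExpiresAtMs, nowMs) {
  const sessionAlive = nowMs < sessionExpiresAtMs;
  const tokenAlive = token !== null && nowMs < token.expiresAtMs - SKEW_MS;

  // Session ended first: the token must not outlive the login, so discard it
  // and send the user back to the login page even if the token is still valid.
  if (!sessionAlive) return "login";

  // Token ended first: the session is still good, so obtain a fresh token
  // through the authenticated session instead of logging the user out.
  if (!tokenAlive) return "renew-token";

  return "call-api";
}

// Header to attach to the AJAX request once nextAction returns "call-api".
function authHeader(token) {
  return { Authorization: "Bearer " + token.accessToken };
}
```
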