|I think it's possible to do personally, although I haven't done it nor put any day long research into it. Or perhaps at least just start with a piece of JWT, such as picking up the token from the other modern project to background validate in the old MVC4 system so you don't have to sign in again, and then the old system just runs as normal. That is very plausible to do. It's even plausible to me at least, to modify the old system so when you sign in, it writes a JWT token to local storage as well so you don't don't have to sign in to the new system.
I pretty sure I can write a hack of
AttributeUsageAttribute and call it
[Authorize] that I can decorate the controller
ActionResult with that will validate a token. Basically a hack of System.Identity but in a smaller package. Store the token in a cookie and can read and write it.
On SPA apps, well Angular at least, you don't have to store the token in Local Storage, but it can be stored in a cookie as well. But the cookie has to be a real single value cookie, and not the asp.net cookie that can store an array of values.
If it ain't broke don't fix it
Discover my world at jkirkerx.com