<\/i>About the Author<\/strong><\/p>This is a guest post from Jean-Marc Prieur from Microsoft’s 1ES (One Engineering System) team. We help reduce developer toil across Microsoft by making it easy to build services that are secure and compliant from the start, for instance with Aspire and Entra ID.<\/div><\/p>\n TL;DR:<\/strong> When you create an Aspire app with You’ve just created your first Aspire application:<\/p>\n You’ve got a beautiful Blazor frontend talking to an API backend, all orchestrated by Aspire. But there’s a problem: anyone can access your API<\/strong>. No authentication. No authorization.<\/p>\n The questions pile up:<\/p>\n If you’re using GitHub Copilot<\/strong>, Claude<\/strong>, or another AI coding assistant, you can add Entra ID authentication in minutes using AI skills<\/strong>\u2014an open standard for sharing domain-specific knowledge with AI assistants.<\/p>\n Watch the live demo of the Aspire+Entra ID agent skills from February 3rd Microsoft Reactor episode How Microsoft uses Agentic AI to accelerate software delivery<\/strong>.<\/p>\n If you want to try yourself:<\/p>\n Or simply copy the Open GitHub Copilot Chat and say:<\/p>\n You:<\/strong> “Add Entra ID authentication to my Aspire app”<\/p>\n<\/blockquote>\n Copilot<\/strong> will detect the skill and walk you through it:<\/p>\n Copilot:<\/strong> “I detected your Aspire solution with:<\/p>\n I’ll implement authentication in two phases:<\/p>\n Phase 1 (now):<\/strong> Add authentication code with placeholder values. The app will build<\/strong> but won’t run<\/strong> until app registrations are configured.<\/p>\n Phase 2 (after):<\/strong> Use the provisioning skill to create Entra ID app registrations.<\/p>\n Ready to proceed?”<\/p>\n You:<\/strong> “Yes”<\/p>\n<\/blockquote>\n Copilot then:<\/p>\n Copilot:<\/strong> “I’m now ready to provision the Entra ID apps. Shall I proceed?”<\/p>\n You:<\/strong> “Yes please!”<\/p>\n Copilot:<\/strong> “I’ll use Microsoft Graph PowerShell to create the app registrations. First, let me check your tenant connection…”<\/p>\n<\/blockquote>\n Copilot runs PowerShell commands to:<\/p>\n Open the Aspire dashboard, navigate to your Blazor app, and click Login<\/strong>. That’s it! \ud83c\udf89<\/p>\n The skills automated what would take at least 30-60 minutes manually, or even days without the detailed instructions:<\/p>\n The flow:<\/strong><\/p>\n Want to know what the skills actually did? Or prefer to implement manually? Here’s the simplified breakdown. The full article is available from Manually add Entra ID authentication and authorization to an Aspire App<\/a><\/p>\naspire new aspire-starter<\/code>, you get a Blazor frontend and API backend\u2014but no authentication. This post shows two ways to fix that: the quick way<\/strong> (using AI skills with GitHub Copilot) and the detailed way<\/strong> (understanding every line of code).<\/p>\nThe problem<\/h2>\n
aspire new aspire-starter --name MyService<\/code><\/pre>\n\n
The quick way: AI skills (5 minutes)<\/h2>\n
Overview<\/h3>\n
![\"How](\"https:\/\/img.youtube.com\/vi\/jvzPLZQQD3A\/hqdefault.jpg\")
<\/a><\/p>\nStep 1: Add the skills to your repo<\/h3>\n
# From your repo root\nmkdir -p .github\/skills # or .copilot\/skills or what your coding agent understand\ncd .github\/skills\n\n# Download the skills (or copy the repo)\ncurl -O https:\/\/aka.ms\/msidweb\/aspire\/entra-id-code-skill\ncurl -O https:\/\/aka.ms\/msidweb\/aspire\/entra-id-provisioning-skill<\/code><\/pre>\nentra-id-aspire-authentication<\/code> and entra-id-aspire-provisioning<\/code> folders from the Entra ID aspire skills on github<\/a>.<\/p>\nStep 2: Ask your AI assistant<\/h3>\n
\n
\n
\n
MyService.Web<\/code><\/li>\nMyService.ApiService<\/code><\/li>\n<\/ul>\n\n
Microsoft.Identity.Web<\/code> packages<\/li>\nappsettings.json<\/code> with Azure AD config (placeholders)<\/li>\nProgram.cs<\/code> in both projects<\/li>\nStep 3: Provision app registrations<\/h3>\n
\n
\n
access_as_user<\/code> scope<\/li>\nappsettings.json<\/code> with real values<\/li>\n<\/ol>\nStep 4: Run and test<\/h3>\n
aspire run<\/code><\/pre>\n
\nWhat just happened?<\/h2>\n
![\"Aspire](\"https:\/\/devblogs.microsoft.com\/aspire\/wp-content\/uploads\/sites\/90\/2026\/02\/aspire-app-architecture.webp\")
<\/p>\n\n
MicrosoftIdentityMessageHandler<\/code> automatically acquires access token<\/li>\n
\nThe detailed way: understanding the code<\/h2>\n
Files modified<\/h3>\n