Dev.to
5/10/2026

Beyond Localhost: Implementing Production-Grade Entra ID Auth in .NET Aspire
Short summary
Deploy production-grade Microsoft Entra ID authentication in .NET Aspire by using three separate app registrations (API, React frontend, Scalar UI testing client) instead of a single registration. Configure your Next.js frontend with provider-agnostic environment variables and Aspire's AppHost to keep local development environments in sync with production. Critical: explicitly request API scopes in your frontend auth configuration to receive API-usable access tokens, not generic ones that trigger 401 rejections.
- Three-registration architecture separates concerns for security and maintainability
- Provider-agnostic environment variables enable switching between Keycloak and Entra ID with config only
- Explicitly request API scopes in frontend auth to avoid generic tokens that the API rejects with 401
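A quick way to confirm the scope point when the API answers 401 is to look at the `aud` and `scp` claims of the token the frontend actually received. The sketch below is an added example, not code from the summarized article; the audience values, the scope name `access_as_user` and the sample tokens are constructed placeholders.

```javascript
// Diagnostic only: decodes claims WITHOUT verifying the signature.
// The API must still validate signature, issuer and lifetime itself.
function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (opaque token?)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Returns the reasons the API would reject this token; an empty list means
// the audience and scope are the ones the API expects.
function diagnoseAccessToken(jwt, acceptedAudiences, requiredScope) {
  let claims;
  try {
    claims = decodeClaims(jwt);
  } catch (err) {
    return [err.message];
  }
  const problems = [];
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.some((a) => acceptedAudiences.includes(a))) {
    problems.push(`aud=${aud.join(",") || "(none)"} is not this API`);
  }
  // Delegated scopes arrive as one space-separated string in "scp".
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  if (!scopes.includes(requiredScope)) {
    problems.push(`scp lacks ${requiredScope}`);
  }
  return problems;
}

// --- Constructed sample data (placeholders, unsigned tokens) ---
const API_AUDIENCES = ["api://example-api-client-id", "example-api-client-id"];
const REQUIRED_SCOPE = "access_as_user"; // hypothetical scope name

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const fakeJwt = (claims) => `${b64({ alg: "none" })}.${b64(claims)}.sig`;

// Token obtained after explicitly requesting the API scope.
const apiToken = fakeJwt({ aud: "api://example-api-client-id", scp: "access_as_user" });
// Token obtained with only generic scopes: its audience is another resource.
const genericToken = fakeJwt({ aud: "some-other-resource", scp: "openid profile" });

console.log("api token:", diagnoseAccessToken(apiToken, API_AUDIENCES, REQUIRED_SCOPE));
console.log("generic token:", diagnoseAccessToken(genericToken, API_AUDIENCES, REQUIRED_SCOPE));
```

Run it with Node.js and substitute the real token and the API registration's identifiers; never log full tokens outside a local debugging session.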
Generated with AI, which can make mistakes.



