EntraQuick 1.0.0
dotnet tool install --global EntraQuick --version 1.0.0
dotnet new tool-manifest
dotnet tool install --local EntraQuick --version 1.0.0
#tool dotnet:?package=EntraQuick&version=1.0.0
nuke :add-package EntraQuick --version 1.0.0
EntraQuick
Scaffold Azure Entra ID authentication for .NET APIs in seconds — not hours.
EntraQuick is a dotnet tool that eliminates the friction of setting up Azure Entra ID authentication in .NET projects. Instead of following 15–20 manual steps across the Azure Portal, appsettings.json, and Program.cs, just run one command.
Installation
dotnet tool install --global EntraQuick
Requires .NET 9 SDK.
Quick start
Interactive wizard
entra-quick init
A step-by-step wizard guides you through every option and shows you exactly which files will be created before writing anything to disk.
Direct flags (scriptable)
entra-quick init \
--type api \
--auth-flow client-credentials \
--roles Admin,Reader,Writer \
--swagger \
--output ./src/Auth \
--namespace MyApi.Auth
Preview without writing files
entra-quick init --type api --auth-flow client-credentials --dry-run
Commands
entra-quick init
Generates authentication scaffolding for your project.
| Flag | Values | Default | Description |
|---|---|---|---|
--type |
api, webapp, minimal-api |
api |
Target project type |
--auth-flow |
client-credentials, auth-code, on-behalf-of |
client-credentials |
OAuth2 flow |
--roles |
Admin,Reader,... |
— | App roles to generate |
--scopes |
scope1,scope2,... |
— | OAuth2 scopes |
--tenant-mode |
single, multi |
single |
Tenant configuration |
--output |
path | ./Auth |
Output folder |
--namespace |
string | MyApp.Auth |
C# namespace |
--framework |
net8, net9 |
net9 |
Target .NET version |
--swagger |
flag | false |
Add Swagger OAuth2 config |
--dry-run |
flag | false |
Preview files without writing |
--provision-azure |
flag | false |
Create App Registration via az cli |
--app-name |
string | — | Name for the App Registration |
entra-quick doctor
Validates an existing appsettings.EntraId.json:
entra-quick doctor --appsettings ./src/Auth/appsettings.EntraId.json
Checks for: valid GUIDs, placeholder values, correct Audience format, standard Instance URL.
entra-quick list-templates
Shows all available auth flow templates and the files they generate.
Generated files
Running entra-quick init --type api --auth-flow client-credentials --roles Admin,Reader --swagger produces:
Auth/
├── AuthenticationExtensions.cs # AddEntraIdAuthentication() + UseEntraIdAuthentication()
├── appsettings.EntraId.json # AzureAd config section (fill in your TenantId/ClientId)
├── ClaimsPrincipalExtensions.cs # GetObjectId(), GetTenantId(), GetRoles(), IsInAppRole()
├── AppRoles.cs # public const string Admin = "Admin"; ...
├── AuthorizationPolicies.cs # AddEntraIdPolicies() with RequireAdmin, RequireReader
├── SwaggerAuthExtensions.cs # AddEntraIdSwagger() + UseEntraIdSwagger()
└── SETUP.md # Step-by-step integration guide
Integrating into your project
Add to Program.cs:
// Load config
builder.Configuration.AddJsonFile("Auth/appsettings.EntraId.json", optional: false);
// Register services
builder.Services.AddEntraIdAuthentication(builder.Configuration);
builder.Services.AddEntraIdPolicies(); // if --roles was used
builder.Services.AddEntraIdSwagger(...); // if --swagger was used
var app = builder.Build();
app.UseEntraIdAuthentication();
app.UseEntraIdSwagger(...); // if --swagger was used
Then update Auth/appsettings.EntraId.json with your real TenantId and ClientId.
Azure provisioning
With --provision-azure, EntraQuick creates the App Registration automatically (requires az cli and an active session):
entra-quick init \
--type api \
--auth-flow client-credentials \
--roles Admin,Reader \
--provision-azure \
--app-name "MyApi-Dev"
EntraQuick will:
- Verify
azis installed and you are logged in - Show the active subscription and ask for confirmation
- Create the App Registration
- Set the Application ID URI (
api://<clientId>) - Create App Roles
- Create the Service Principal
- Generate a Client Secret (for
client-credentialsonly) - Fill in real values in the generated
appsettings.EntraId.json
Supported auth flows
| Flow | Use case | Generated middleware |
|---|---|---|
client-credentials |
Service-to-service, daemon apps | AddMicrosoftIdentityWebApi + JWT bearer |
auth-code |
Interactive browser sign-in | AddMicrosoftIdentityWebApiAuthentication |
on-behalf-of |
API calling a downstream API on behalf of a user | OBO with EnableTokenAcquisitionToCallDownstreamApi |
All flows support single-tenant and multi-tenant (multi-tenant disables issuer validation automatically).
Requirements
- .NET 9 SDK
az cli(only for--provision-azureanddoctorwith Azure validation)
Contributing
PRs are welcome. See CLAUDE.md for architecture details and coding conventions.
git clone https://github.com/DieSatan/entra-quick
cd entra-quick
dotnet build
dotnet test
License
MIT © Gustavo Aguilera
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
This package has no dependencies.
| Version | Downloads | Last Updated |
|---|---|---|
| 1.0.0 | 109 | 4/11/2026 |