gmantri/protected-mcp-server-demo
This project is a demonstration of a Protected MCP Server using ASP.NET Core, secured with Azure Entra ID, showcasing enterprise-grade security and Role-Based Access Control (RBAC) for AI assistants.
Protected MCP Server Demo
An ASP.NET Core implementation of a Model Context Protocol (MCP) server, secured with Azure Entra ID (Active Directory). This project demonstrates how to expose functionality (simple math tools) to LLMs via MCP while enforcing enterprise-grade security and Role-Based Access Control (RBAC).
The purpose of this project is to demonstrate two things:
- How you can protect your MCP server with Azure AD/Entra ID.
- How to implement Role-based Access Control (RBAC) for different tools exposed by your MCP server.
Features
- Model Context Protocol Implementation: Exposes tools to AI assistants using the standardized MCP specification.
- Tools: Includes basic math operations (Add, Subtract, Multiply, Divide).
- Secure by Default:
- Protected by Azure Entra ID (OAuth2/OpenID Connect).
- Uses JWT Bearer Token authentication.
- Implements granular RBAC (Role-Based Access Control) on a per-tool basis.
Prerequisites
- .NET SDK: Version 10.0 (or compatible preview/standard version).
- Azure Account: For creating an App Registration and deploying the Web App.
- Azure CLI: For deployment scripts.
- MCP Client: A client capable of connecting to an MCP server that supports authentication credentials. This code makes use of VS Code as an authorized MCP client.
Getting Started
1. Azure Setup (Entra ID)
You need to register an application in your Azure Entra ID tenant to handle authentication.
- Create App Registration:
  - Go to the Azure Portal > Microsoft Entra ID > App registrations.
  - New registration > Name it (e.g., "Protected MCP Server").
  - For account type, choose Accounts in this organizational directory only (Single Tenant).
  - For redirect URI, start with http://localhost:5284. If you have already deployed the web app in Azure, add its URL later in the redirect URI section after creation.
  - Note down the Application (client) ID and Directory (tenant) ID. These will be needed later on.
- Define App Roles:
  - In the App Registration blade, go to App roles.
  - Create the following roles (set allowed member types to Users/Groups):

    | Display name | Value | Description | Allowed member types |
    |---|---|---|---|
    | Add Tool User | add-tool-user | Users in this role will be able to invoke "Add" tool. | Users/Groups |
    | Subtract Tool User | subtract-tool-user | Users in this role will be able to invoke "Subtract" tool. | Users/Groups |
    | Multiply Tool User | multiply-tool-user | Users in this role will be able to invoke "Multiply" tool. | Users/Groups |
    | Divide Tool User | divide-tool-user | Users in this role will be able to invoke "Divide" tool. | Users/Groups |
- Expose an API:
  - In App Registration > Expose an API.
  - Set the Application ID URI (e.g., api://<client-id>).
  - Add a scope:
    - Click Add a scope.
    - Scope name: access_as_user.
    - Who can consent?: Admins and users.
    - Enter valid display names and descriptions.
    - Ensure state is Enabled and click Add scope.
  - Authorized client applications:
    - Click Add a client application.
    - Enter the VS Code client ID: aebc6443-996d-45c2-90f0-388ff96faa56.
    - Select the authorized scopes to allow VS Code to request tokens for your API.
- Assign Roles:
  - Go to Enterprise Applications (search for your app name).
  - Go to Users and groups > Add user/group > Select a user > Select the appropriate role/s.
  - Note: Only users with the assigned role can successfully invoke the corresponding tool.
2. Configuration
Update appsettings.json in ProtectedMcpServerDemo or use environment variables.
appsettings.json:
```json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "your-tenant.onmicrosoft.com",
    "TenantId": "your-tenant-id",
    "ClientId": "your-client-id"
  },
  "ApiEndpoint": "http://localhost:5284"
}
```
For a deployed instance, set ApiEndpoint to the Web App URL instead (e.g., https://your-app-url.azurewebsites.net).
3. Local Development
```shell
cd ProtectedMcpServerDemo
dotnet run
```
The server will start (check console for port, typically http://localhost:5284 or https://localhost:7017).
4. Use MCP Server in VS Code
- Open VS Code.
- Create a file called mcp.json inside the .vscode directory in your project folder. You may need to create the .vscode folder if it does not exist.
- Copy the following into the mcp.json file:
  ```json
  {
    "servers": {
      "My Math MCP Server": {
        "type": "http",
        "url": "http://localhost:5284"
      }
    }
  }
  ```
- Start the MCP server. VS Code will prompt you to login. Login using your Work/School account.
- Open GitHub Copilot Chat. Select "My Math MCP Server" from the tools and then start asking math related questions. For example, you can ask a question like "what is 5 times 2 minus 7".
5. Deployment to Azure
A deployment script deploy.sh is provided for Azure Web Apps.
- Make sure you are logged in to Azure: az login
- Edit ProtectedMcpServerDemo/deploy.sh and update the Configuration variables at the top (Resource Group, App Name) and the Azure AD Configuration section.
- Run the script:
  ```shell
  cd ProtectedMcpServerDemo
  chmod +x deploy.sh
  ./deploy.sh
  ```
- Once the deployment is successful, change url in your mcp.json to connect to the MCP server running in Azure.
Usage
To use this server, your MCP client must include a valid Bearer token in the Authorization header when connecting to the MCP endpoint.
- MCP Endpoint: https://<your-app>.azurewebsites.net
- Transport: HTTP / SSE
Authorization Flow
- The client obtains an Access Token from Azure AD for the resource api://<client-id>.
- The client connects to the MCP server endpoint, providing the token: Authorization: Bearer <token>
- When a tool (e.g., Add) is called, the server checks if the token contains the required role claim (e.g., add-tool-user).
- If authorized, the tool executes; otherwise, access is denied.
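As an added example (not the project's own Program.cs or MathTools.cs), the following C# wires the flow above together: Microsoft.Identity.Web validates the bearer token against the AzureAd settings, the MCP endpoint requires an authenticated caller, and each tool checks the Entra ID app role from the token's roles claim before doing any work. The repository enforces this with [Authorize(Roles = "...")] attributes on the tools; this variant adds an explicit in-method check so the requirement is enforced by the tool itself regardless of attribute support. Package and API names (ModelContextProtocol.AspNetCore's AddMcpServer, WithHttpTransport, WithToolsFromAssembly, McpServerToolType, McpServerTool, McpException, MapMcp) are assumptions to verify against the installed SDK version, and reading the principal via IHttpContextAccessor assumes the tool runs inside the authenticated HTTP request that carried the tools/call message, which is the case for the streamable HTTP transport.

```csharp
// Added example, not the project's own Program.cs / MathTools.cs.
// Assumes the Microsoft.Identity.Web and ModelContextProtocol.AspNetCore
// packages; the SDK names (AddMcpServer, WithHttpTransport, McpServerToolType,
// McpServerTool, McpException, MapMcp) should be checked against the installed version.
using System.ComponentModel;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;
using ModelContextProtocol;
using ModelContextProtocol.Server;

var builder = WebApplication.CreateBuilder(args);

// Validate JWT bearer tokens against the "AzureAd" section of appsettings.json
// (Instance, TenantId, ClientId). Issuer, signature, expiry and audience are
// checked here, so a token minted for another tenant or API never reaches a tool.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddAuthorization();
builder.Services.AddHttpContextAccessor();

// Register the MCP server over HTTP and discover [McpServerToolType] classes.
builder.Services.AddMcpServer()
    .WithHttpTransport()
    .WithToolsFromAssembly();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Every MCP request (initialize, tools/list, tools/call) requires an
// authenticated caller; anonymous requests are rejected with 401 before any
// JSON-RPC message is processed.
app.MapMcp().RequireAuthorization();
app.Run();

[McpServerToolType]
public class MathTools
{
    private readonly IHttpContextAccessor _http;

    // Assumption: the tool class is resolved from DI for each call, so the
    // accessor exposes the HttpContext of the authenticated request that
    // carried this tools/call message.
    public MathTools(IHttpContextAccessor http) => _http = http;

    [McpServerTool, Description("Adds two numbers.")]
    public double Add(double a, double b)
    {
        RequireRole("add-tool-user");
        return a + b;
    }

    [McpServerTool, Description("Subtracts b from a.")]
    public double Subtract(double a, double b)
    {
        RequireRole("subtract-tool-user");
        return a - b;
    }

    [McpServerTool, Description("Multiplies two numbers.")]
    public double Multiply(double a, double b)
    {
        RequireRole("multiply-tool-user");
        return a * b;
    }

    [McpServerTool, Description("Divides a by b.")]
    public double Divide(double a, double b)
    {
        RequireRole("divide-tool-user");
        if (b == 0)
            throw new McpException("Division by zero is not allowed.");
        return a / b;
    }

    // Per-tool RBAC: Entra ID puts the caller's assigned app roles in the
    // token's "roles" claim, which Microsoft.Identity.Web maps to the
    // principal's role claims, so IsInRole("add-tool-user") is true only for
    // users holding that app role. The check fails closed: no authenticated
    // principal or a missing role means the tool body never runs.
    private void RequireRole(string role)
    {
        var user = _http.HttpContext?.User;
        if (user?.Identity?.IsAuthenticated != true || !user.IsInRole(role))
            throw new McpException($"Access denied: caller does not hold the '{role}' app role.");
    }
}
```

The role check is deliberately placed before any computation so a user assigned only add-tool-user can list all four tools but only successfully invoke Add; the other three return a JSON-RPC error naming the missing role, which is what you should see when testing role assignments from the Enterprise Applications blade.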
Project Structure
- Program.cs: Configures the web host, JWT authentication, and MCP services.
- Tools/MathTools.cs: Defines the MCP tools and applies [Authorize(Roles = "...")] attributes to enforce permissions.
- deploy.sh: Script to build, package, and deploy the application to Azure Web Apps.