protected-mcp-server-demo
Verified Safeby gmantri
Overview
Exposing secure, role-based tools to LLMs via the Model Context Protocol (MCP) using ASP.NET Core and Azure Entra ID.
Installation
cd ProtectedMcpServerDemo && dotnet runEnvironment Variables
- AzureAd__Instance
- AzureAd__Domain
- AzureAd__TenantId
- AzureAd__ClientId
- ApiEndpoint
- ASPNETCORE_ENVIRONMENT
Security Notes
The server explicitly prioritizes security by integrating Azure Entra ID (OAuth2/OpenID Connect) for authentication and granular Role-Based Access Control (RBAC) for tool authorization. JWT Bearer token authentication is used. Configuration relies on appsettings.json or environment variables for sensitive Azure AD details, preventing hardcoding. The deployment script (`deploy.sh`) uses standard Azure CLI commands for secure configuration and deployment. No `eval` or obvious malicious patterns were found. The primary security model is robust, relying on established Microsoft security practices.
Similar Servers
AI-Gateway
The project serves as a collection of labs demonstrating AI Gateway capabilities with Azure API Management, focusing on Model Context Protocol (MCP) to enable plug-and-play tool integration for Large Language Models (LLMs).
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
mcp-dotnet-samples
This MCP server retrieves GitHub Copilot customizations, including instructions, agents, prompts, and collections, from the `awesome-copilot` repository to provide contextual guidance to AI models.
mcp-container-ts
Provides a secure, extensible Model Context Protocol (MCP) server using Node.js and TypeScript, designed to expose custom tools to LLMs, deployable on Azure Container Apps with robust JWT and RBAC security.