Blog Post

Apps on Azure Blog
7 MIN READ

Smart AI Integration with the Model Context Protocol (MCP) ... part 5

Mark Harrison (UK)'s avatar
Mark Harrison (UK)
Icon for Microsoft rankMicrosoft
Jul 15, 2025

MCP Authentication / Authorization

A discussion on Model Context Protocol: Part 1 - Why is there a need for MCP Link part 1 Part 2 - What MCP is, including its architecture and core components Link part 2 Part 3 - A demo of MC...
Updated Jul 15, 2025
Version 2.0
.net
application modernization
Mark Harrison (UK)'s avatar
Mark Harrison (UK)
Icon for Microsoft rankMicrosoft
Jul 23, 2025

Hi Markus mbuchberger1967ā€‹  ... OAuth is useful when you want the server to know who the user is to do authz - ie behave differently depending on the user or maybe their role.  If its a fixed client and no user interaction then maybe the simplest authentication mechanism is just to check a key in the payload - much like an API key.  Catch me on LinkedIn if you want to discuss.  /markharrison-uk 

mbuchberger1967's avatar
mbuchberger1967
Copper Contributor
Jul 23, 2025

ok i see your point. is there support for your proposal in the MCP C# lib?
Thx for the quick reply. is it ok to discuss here?

 

  • Mark Harrison (UK)'s avatar
    Mark Harrison (UK)
    Icon for Microsoft rankMicrosoft
    Jul 23, 2025

    Sure discuss here - its just these forums seem a bit clunky :-) for a lot of dialogue.
    Not seen any proposal in the C#SDK.   To validate a key passed in the http payload is just standard .NET coding ... i dont think it would be needed in the SDK.

    • mbuchberger1967's avatar
      mbuchberger1967
      Copper Contributor
      Jul 24, 2025

      thx,
      this is my code in the client:

              // Add HTTP client transport for MCP server (adjust the URL as needed)
        var transport_http = new SseClientTransport(
            new SseClientTransportOptions
            {
                Endpoint = new Uri("http://localhost:7071/"), // Replace with your MCP server's HTTP endpoint
                Name = "MCP SSE Server",
                OAuth = new()
                {
                    ClientId = config["Identity:ClientId"],
                    ClientSecret = config["Identity:ClientSecret"],
                    // TenantId = config["Identity:TenantId"],
                    Scopes = [config["Identity:ScopeName"]],
                    RedirectUri = new Uri("http://localhost:7071/signin-oidc"), // Adjust as needed
                    // AuthorizationRedirectDelegate = HandleAuthorizationUrlAsync,
                    // Authority = $"https://login.microsoftonline.com/{config["Identity:TenantId"]}/v2.0"
                }
            }
        );

        IMcpClient mcpClient = await McpClientFactory.CreateAsync(transport_http);
        var tools = await mcpClient.ListToolsAsync();

      I was hoping that I could authenticate with clientId/Secret this way, but this wont work.
      If I get you right you would suggest to leave away the OAuth structure, but creating and connectin the client this way, how would I pass a token between client and server using the mcp sdk?
      Any suggestion?
      Thx
      Markus

      • Mark Harrison (UK)'s avatar
        Mark Harrison (UK)
        Icon for Microsoft rankMicrosoft
        Jul 24, 2025

        yes - im thinking OAUTH is not the way to go .

        isn't it something like ... (ive not tried it - but if I was tweak the code at ColorsMCP/MCPClient/Program.cs at main Ā· markharrison/ColorsMCP ) 

        var payload = new Dictionary<string, object?>()
        {
            ["name"] = "Red"
        };

        // Add  key
        payload["Key"] = "KeyValue";

        var result = await client.CallToolAsync(
            "GetColor",
            payload,
            cancellationToken: CancellationToken.None);

         

        You (obviously) would want to get the key from configuration or something like keyvault ... rather than hard-coding in the source code.