Skip to main content
Glama

Building Protected MCP Servers – Insights from Den Delimarsky

Written by on .

Agentic Ai
mcp
servers
Best Practices
  1. Problem
    1. Intuition
      1. C# Server Setup – Secure MCP with ASP.NET Core
        1. Python Client Example – Token Exchange and Secure Call
          1. Key Notes
            1. Acknowledgements

              Den Delimarsky of Microsoft delves into the emerging authorization specification for MCP servers, showcasing how to implement protected servers with minimal friction using the C# SDK.

              Problem

              Building secure, standards-compliant MCP servers is complex. Developers often shy away from implementing OAuth flows, token validation, and auth metadata publishing.

              Challenges include:

              • Handling OAuth 2.1 flows

              • Returning protected resource metadata

              • Verifying JSON Web Tokens (JWTs)

              • Ensuring compatibility across identity providers (Okta, Entra ID, AWS)

              The goal: reduce the developer burden via drop-in SDK components.

              Intuition

              The new MCP authorization spec separates the authorization server from the resource server, so each can evolve independently. Your MCP server just needs to:

              • Advertise the auth server via metadata

              • Respond with 401 Unauthorized and a pointer to that metadata

              • Validate access tokens using standard JWT libraries

              Microsoft's C# SDK abstracts away much of this, allowing developers to declare auth support declaratively.

              C# Server Setup – Secure MCP with ASP.NET Core

              Here’s a simplified view of how to set up a protected MCP server in C#:

              var builder = WebApplication.CreateBuilder(args); // Add authentication using Entra ID (or any OAuth provider) builder.Services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => { options.Authority = "https://login.microsoftonline.com/<tenant_id>"; options.Audience = "api://my-mcp-server"; options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true }; }); // Add MCP metadata exposure builder.Services.AddMcp(options => { options.ResourceId = "weather-api"; options.Scopes = new[] { "read:weather" }; options.MetadataFormat = McpMetadataFormat.Json; }); var app = builder.Build(); app.UseAuthentication(); app.UseAuthorization(); app.MapGet("/alerts", [Authorize] () => "☀️ Sunny with mild winds"); app.Run();

              This configures an ASP.NET Core MCP server that:

              • Validates tokens

              • Advertises protected resource metadata

              • Uses standard OAuth 2.1 and JWT validation

              Python Client Example – Token Exchange and Secure Call

              Below is a Python client that mimics the MCP flow: get metadata, authorize, then make a protected call.

              import requests from typing import Dict class McpClient: def __init__(self, base_url: str): self.base_url = base_url self.token = None def fetch_metadata(self) -> Dict: r = requests.get(f"{self.base_url}/.well-known/mcp-protected-resource") return r.json() def authorize(self, auth_server: str): print(f"Redirecting to {auth_server} for authorization... (simulate)") self.token = "ey.fake.jwt.token" # Simulated access token def get_alerts(self): headers = {"Authorization": f"Bearer {self.token}"} r = requests.get(f"{self.base_url}/alerts", headers=headers) return r.text # Simulate usage client = McpClient("http://localhost:7071") metadata = client.fetch_metadata() client.authorize(metadata['authorization_server']) print(client.get_alerts())

              Key Notes

              • Authorization spec uses OAuth 2.1 + MCP metadata extension.

              • Developer effort is reduced to just wiring standard components.

              • Protected metadata docs (JSON or JWT) help clients discover auth servers.

              • Visual Studio Code now supports this natively for registered MCPs.

              Acknowledgements

              This article is based on Den Delimarsky's insightful talk at the Session: Building Protected MCP Servers, where he demonstrated Microsoft's streamlined C# SDK for secure MCP server implementation.

              Special thanks to the Anthropic team and the broader MCP developer community for advancing open, modular agent security standards.

              Written by Om-Shree-0709 (@Om-Shree-0709)