Files
agent-framework/dotnet/samples/02-agents/ModelContextProtocol/Agent_MCP_Server_Auth
T
Chris 904a5b843e Python / .NET Samples - Restructure and Improve Samples (Feature Branc… (#4092)
* Python: .NET Samples - Restructure and Improve Samples (Feature Branch) (#4091)

* Moved by agent (#4094)

* Fix readme links

* .NET Samples - Create `04-hosting` learning path step (#4098)

* Agent move

* Agent reorderd

* Remove A2A section from README 

Removed A2A section from the Getting Started README.

* Agent fixed links

* Fix broken sample links in durable-agents README (#4101)

* Initial plan

* Fix broken internal links in documentation

Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

* Revert template link changes; keep only durable-agents README fix

Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

* .NET Samples - Create `03-workflows` learning path step (#4102)

* Fix solution project path

* Python: Fix broken markdown links to repo resources (outside /docs) (#4105)

* Initial plan

* Fix broken markdown links to repo resources

Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

* Update README to rename .NET Workflows Samples section

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

* .NET Samples - Create `02-agents` learning path step (#4107)

* .NET: Fix broken relative link in GroupChatToolApproval README (#4108)

* Initial plan

* Fix broken link in GroupChatToolApproval README

Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

* Update labeler configuration for workflow samples

* .NET - Reorder Agents samples to start from Step01 instead of Step04 (#4110)

* Fix solution

* Resolve new sample paths

* Move new AgentSkills and AgentWithMemory_Step04 samples

* Fix link

* Fix readme path

* fix: update stale dotnet/samples/Durable path reference in AGENTS.md

Co-authored-by: crickman <66376200+crickman@users.noreply.github.com>

* Moved new sample

* Update solution

* Resolve merge (new sample)

* Sync to new sample - FoundryAgents_Step21_BingCustomSearch

* Updated README

* .NET Samples - Configuration Naming Update (#4149)

* .NET: Restore AzureFunctions index parity with ConsoleApps under DurableAgents samples (#4221)

* Clean-up `05_host_your_agent`

* Config setting consistency

* Refine samples

* AGENTS.md

* Move new samples

* Re-order samples

* Move new project and fixup solution

* Fixup model config

* Fix up new UT project

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
904a5b843e · 2026-02-26 00:56:10 +00:00
History
..

Model Context Protocol Sample

This example demonstrates how to use tools from a protected Model Context Protocol server with Agent Framework.

MCP is an open protocol that standardizes how applications provide context to LLMs.

For information on Model Context Protocol (MCP) please refer to the documentation.

The sample shows:

  1. How to connect to a protected MCP Server using OAuth 2.0 authentication
  2. How to implement a custom OAuth authorization flow with browser-based authentication
  3. Retrieve the list of tools the MCP Server makes available
  4. Convert the MCP tools to AIFunction's so they can be added to an agent
  5. Invoke the tools from an agent using function calling

Installing Prerequisites

Configuring Environment Variables

Set the following environment variables:

$env:AZURE_OPENAI_ENDPOINT="https://your-resource.openai.azure.com/" # Replace with your Azure OpenAI resource endpoint
$env:AZURE_OPENAI_DEPLOYMENT_NAME="gpt-4o-mini"  # Optional, defaults to gpt-4o-mini

Setup and Running

Step 1: Start the Test OAuth Server

First, you need to start the TestOAuthServer which provides OAuth authentication:

cd <MCP CSHARP-SDK>\tests\ModelContextProtocol.TestOAuthServer
dotnet run --framework net10.0

The OAuth server will start at https://localhost:7029

Step 2: Start the Protected MCP Server

Next, start the ProtectedMCPServer which provides the weather tools:

cd <MCP CSHARP-SDK>\samples\ProtectedMCPServer
dotnet run

The protected server will start at http://localhost:7071

Step 3: Run the Agent_MCP_Server_Auth sample

Finally, run this client:

dotnet run

What Happens

  1. The client attempts to connect to the protected MCP server at http://localhost:7071
  2. The server responds with OAuth metadata indicating authentication is required
  3. The client initiates OAuth 2.0 authorization code flow:
    • Opens a browser to the authorization URL at the OAuth server
    • Starts a local HTTP listener on http://localhost:1179/callback to receive the authorization code
    • Exchanges the authorization code for an access token
  4. The client uses the access token to authenticate with the MCP server
  5. The client lists available tools and calls the GetAlerts tool for New York state

The following diagram outlines an example OAuth flow:

sequenceDiagram
    participant Client as Client
    participant Server as MCP Server (Resource Server)
    participant AuthServer as Authorization Server 

    Client->>Server: MCP request without access token
    Server-->>Client: HTTP 401 Unauthorized with WWW-Authenticate header
    Note over Client: Analyze and delegate tasks
    Client->>Server: GET /.well-known/oauth-protected-resource
    Server-->>Client: Resource metadata with authorization server URL
    Note over Client: Validate RS metadata, build AS metadata URL
    Client->>AuthServer: GET /.well-known/oauth-authorization-server
    AuthServer-->>Client: Authorization server metadata
    Note over Client,AuthServer: OAuth 2.0 authorization flow happens here
    Client->>AuthServer: Token request
    AuthServer-->>Client: Access token
     Client->>Server: MCP request with access token
    Server-->>Client: MCP response
    Note over Client,Server: MCP communication continues with valid token

OAuth Configuration

The client is configured with:

  • Client ID: demo-client
  • Client Secret: demo-secret
  • Redirect URI: http://localhost:1179/callback
  • OAuth Server: https://localhost:7029
  • Protected Resource: http://localhost:7071

Available Tools

Once authenticated, the client can access weather tools including:

  • GetAlerts: Get weather alerts for a US state
  • GetForecast: Get weather forecast for a location (latitude/longitude)

Troubleshooting

  • Ensure the ASP.NET Core dev certificate is trusted.
    dotnet dev-certs https --clean
    dotnet dev-certs https --trust
    
  • Ensure all three services are running in the correct order
  • Check that ports 7029, 7071, and 1179 are available
  • If the browser doesn't open automatically, copy the authorization URL from the console and open it manually
  • Make sure to allow the OAuth server's self-signed certificate in your browser