Glama

Building Protected MCP Servers – Insights from Den Delimarsky


Agentic AI
servers
mcp
Best Practices

1. Problem
2. Intuition
3. C# Server Setup – Secure MCP with ASP.NET Core
4. Python Client Example – Token Exchange and Secure Call
5. Key Notes
6. Acknowledgements

Den Delimarsky of Microsoft delves into the emerging authorization specification for MCP servers, showcasing how to implement protected servers with minimal friction using the C# SDK.

Problem

Building secure, standards-compliant MCP servers is complex. Developers often shy away from implementing OAuth flows, token validation, and auth metadata publishing, and a server that skips any of these is either unusable by standard clients or silently accepts tokens it should reject.

Challenges include:

• Handling OAuth 2.1 flows (authorization code with PKCE)
• Returning protected resource metadata so clients can discover the authorization server
• Verifying JSON Web Tokens (JWTs): signature, issuer, audience, and lifetime
• Ensuring compatibility across identity providers (Okta, Entra ID, AWS)

The goal: reduce the developer burden via drop-in SDK components.

Intuition

The new MCP authorization spec separates the authorization server (which issues tokens) from the resource server (the MCP server, which only consumes them), so each can evolve independently. Your MCP server just needs to:

• Advertise the authorization server via a protected resource metadata document
• Respond to requests without a valid token with 401 Unauthorized and a WWW-Authenticate header pointing at that metadata
• Validate access tokens using standard JWT libraries, checking in particular that the audience is this server so that a token issued for some other API is not accepted

Microsoft's C# SDK abstracts away much of this, allowing developers to declare auth support with a few lines of configuration rather than hand-writing the flow.
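The three server-side steps above, written out as an added example that is not code from the talk or from the C# SDK. It is pure-Python, offline, and uses a shared HS256 key and the names RESOURCE, AUTH_SERVER and REQUIRED_SCOPE as constructed stand-ins for the asymmetric signing key and real identifiers a deployment would have; the metadata path and WWW-Authenticate parameters follow RFC 9728 and RFC 6750, and the sample tokens are minted inline by a helper that plays the authorization server.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed configuration for this example: the MCP server's own identifier,
# the one authorization server it trusts, and the scope the tool requires.
RESOURCE = "https://mcp.example.com"
RESOURCE_METADATA_URL = RESOURCE + "/.well-known/oauth-protected-resource"
AUTH_SERVER = "https://login.example.com"
REQUIRED_SCOPE = "read:weather"
# HS256 with a shared key stands in for the RS256/JWKS validation a real server does.
SHARED_KEY = b"constructed-demo-key-not-for-production"


class InsufficientScope(ValueError):
    """Token is valid for this resource but lacks the required scope."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def protected_resource_metadata() -> dict:
    """RFC 9728 document served at RESOURCE_METADATA_URL so clients can discover the AS."""
    return {
        "resource": RESOURCE,
        "authorization_servers": [AUTH_SERVER],
        "scopes_supported": [REQUIRED_SCOPE],
        "bearer_methods_supported": ["header"],
    }


def challenge(status: int, error: Optional[str] = None) -> dict:
    """401/403 response whose WWW-Authenticate header points at the metadata URL."""
    params = [f'resource_metadata="{RESOURCE_METADATA_URL}"', f'scope="{REQUIRED_SCOPE}"']
    if error:
        params.insert(0, f'error="{error}"')
    return {"status": status, "headers": {"WWW-Authenticate": "Bearer " + ", ".join(params)}, "body": ""}


def verify_token(token: str, now: Optional[float] = None) -> dict:
    """Check signature, issuer, audience, lifetime and scope; raise ValueError on failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "HS256":  # never accept "none" or an unexpected alg
        raise ValueError("unexpected alg")
    expected = hmac.new(SHARED_KEY, f"{head_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != AUTH_SERVER:
        raise ValueError("untrusted issuer")
    aud = claims.get("aud")
    if RESOURCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued for this resource")  # blocks token passthrough
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if REQUIRED_SCOPE not in str(claims.get("scope", "")).split():
        raise InsufficientScope("insufficient scope")
    return claims


def handle_request(headers: dict, now: Optional[float] = None) -> dict:
    """Resource-server side of the MCP flow for one protected tool endpoint."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return challenge(401)  # no token: point the client at the metadata document
    try:
        verify_token(auth[len("Bearer "):], now)
    except InsufficientScope:
        return challenge(403, "insufficient_scope")  # RFC 6750: valid token, wrong scope
    except ValueError:
        return challenge(401, "invalid_token")
    return {"status": 200, "headers": {}, "body": "Sunny with mild winds"}


def mint_token(claims: dict) -> str:
    """Constructed stand-in for the authorization server issuing an access token."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_KEY, f"{head}.{payload}".encode(), hashlib.sha256).digest()
    return f"{head}.{payload}.{b64url(sig)}"
```

The audience check is the one that matters most for an MCP server: a token minted for a different API carries a valid signature from the same issuer, so signature and lifetime checks alone would let it through. Keeping "insufficient scope" separate from "invalid token" lets the server answer 403 instead of 401, so a client does not loop back through discovery for a problem that re-authorizing with the same scope will not fix.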

C# Server Setup – Secure MCP with ASP.NET Core

Here's a simplified view of how to set up a protected MCP server in C#, as shown in the talk (the AddMcp options are the talk's simplified illustration of the SDK's metadata support):

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Add authentication using Entra ID (or any OAuth provider). With Authority set,
// the JWT bearer handler fetches the issuer's discovery document and signing keys.
builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.Authority = "https://login.microsoftonline.com/<tenant_id>";
    // Audience must be this server's own identifier so that tokens minted for
    // another API are rejected rather than passed through.
    options.Audience = "api://my-mcp-server";
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true
    };
});

// Add MCP metadata exposure: which resource this is, which scopes it needs,
// and the format of the protected resource metadata document
builder.Services.AddMcp(options =>
{
    options.ResourceId = "weather-api";
    options.Scopes = new[] { "read:weather" };
    options.MetadataFormat = McpMetadataFormat.Json;
});

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// A protected endpoint: requests without a valid bearer token never reach the lambda
app.MapGet("/alerts", [Authorize] () => "☀️ Sunny with mild winds");

app.Run();
```

This configures an ASP.NET Core MCP server that:

• Validates tokens (signature via the authority's keys, plus issuer, audience, and lifetime)
• Advertises protected resource metadata
• Uses standard OAuth 2.1 and JWT validation

Python Client Example – Token Exchange and Secure Call

Below is a Python client that mimics the MCP flow: get metadata, authorize, then make a protected call. The authorization step is simulated; a real client would run the OAuth 2.1 authorization code flow against the discovered server and receive a genuine access token.

```python
import requests
from typing import Dict


class McpClient:
    def __init__(self, base_url: str):
        self.base_url = base_url
        self.token = None

    def fetch_metadata(self) -> Dict:
        # Protected resource metadata tells the client which authorization server to use.
        # (The current MCP spec uses the RFC 9728 path /.well-known/oauth-protected-resource,
        # whose document carries an "authorization_servers" list; the path below follows the talk.)
        r = requests.get(f"{self.base_url}/.well-known/mcp-protected-resource", timeout=10)
        r.raise_for_status()
        return r.json()

    def authorize(self, auth_server: str):
        # A real client would run the OAuth 2.1 authorization code flow (with PKCE)
        # against auth_server; here the redirect and token exchange are simulated.
        print(f"Redirecting to {auth_server} for authorization... (simulate)")
        self.token = "ey.fake.jwt.token"  # Simulated access token

    def get_alerts(self):
        headers = {"Authorization": f"Bearer {self.token}"}
        r = requests.get(f"{self.base_url}/alerts", headers=headers, timeout=10)
        return r.text


# Simulate usage
client = McpClient("http://localhost:7071")
metadata = client.fetch_metadata()
client.authorize(metadata["authorization_server"])
print(client.get_alerts())
```
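The part the client above simulates, discovery from the server's 401 challenge through to a correctly formed OAuth 2.1 authorization request, as an added example that is not code from the page or from the MCP SDKs. It runs offline: the WWW-Authenticate header, the protected resource metadata and the authorization server metadata are constructed samples (names SAMPLE_WWW_AUTHENTICATE, SAMPLE_RESOURCE_METADATA, SAMPLE_AS_METADATA, FAKE_DOCS), and the well-known paths follow RFC 9728 and RFC 8414. It goes a step beyond the page by checking that the metadata's resource matches the server actually called and by adding PKCE (S256) and the RFC 8707 resource parameter, both of which OAuth 2.1 and the MCP spec expect.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

# Constructed sample challenge, as an MCP server would return it (not captured from the talk).
SAMPLE_WWW_AUTHENTICATE = (
    'Bearer resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource", '
    'scope="read:weather"'
)
# Constructed metadata documents standing in for what the two servers would publish.
SAMPLE_RESOURCE_METADATA = {
    "resource": "https://mcp.example.com",
    "authorization_servers": ["https://login.example.com"],
    "scopes_supported": ["read:weather"],
}
SAMPLE_AS_METADATA = {
    "issuer": "https://login.example.com",
    "authorization_endpoint": "https://login.example.com/authorize",
    "token_endpoint": "https://login.example.com/token",
    "code_challenge_methods_supported": ["S256"],
}
FAKE_DOCS = {  # offline replacement for HTTP GET of the two well-known URLs
    "https://mcp.example.com/.well-known/oauth-protected-resource": SAMPLE_RESOURCE_METADATA,
    "https://login.example.com/.well-known/oauth-authorization-server": SAMPLE_AS_METADATA,
}

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_www_authenticate(header: str) -> dict:
    """Extract the auth-params of a Bearer challenge (RFC 6750 / RFC 9728)."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return dict(_PARAM.findall(params))


def check_metadata(metadata: dict, resource_url: str) -> str:
    """Bind the document to the server we actually called, then pick an authorization server."""
    if metadata.get("resource") != resource_url:
        raise ValueError("metadata 'resource' does not match the server we are talking to")
    servers = metadata.get("authorization_servers") or []
    if not servers:
        raise ValueError("no authorization server advertised")
    return servers[0]


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge per RFC 7636."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """43-character high-entropy code verifier."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def build_authorize_url(as_metadata, client_id, redirect_uri, resource, scope, verifier, state) -> str:
    """OAuth 2.1 authorization request with PKCE S256 and the RFC 8707 resource indicator."""
    if "S256" not in as_metadata.get("code_challenge_methods_supported", []):
        raise ValueError("authorization server does not advertise PKCE S256")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "resource": resource,  # ties the issued token's audience to this MCP server
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{as_metadata['authorization_endpoint']}?{query}"


def begin_flow(www_authenticate: str, resource_url: str, fetch_json, client_id: str, redirect_uri: str):
    """Drive discovery from a 401 challenge to a ready authorization URL.

    fetch_json(url) -> dict is injected so the example runs offline (see FAKE_DOCS).
    Returns (url, verifier, state); the caller keeps verifier and state for the callback.
    """
    params = parse_www_authenticate(www_authenticate)
    metadata = fetch_json(params["resource_metadata"])
    issuer = check_metadata(metadata, resource_url)
    as_metadata = fetch_json(issuer.rstrip("/") + "/.well-known/oauth-authorization-server")
    verifier = new_verifier()
    state = secrets.token_urlsafe(16)
    url = build_authorize_url(as_metadata, client_id, redirect_uri, resource_url,
                              params.get("scope", ""), verifier, state)
    return url, verifier, state
```

The resource check in check_metadata is what stops a malicious or misconfigured server from pointing a client at an authorization server for some other resource; the resource parameter on the authorization request is the client-side half of the audience check the server performs.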

Key Notes

• The authorization spec uses OAuth 2.1 plus an MCP metadata extension.
• Developer effort is reduced to wiring standard components: a JWT bearer handler and the SDK's metadata support.
• Protected resource metadata documents (JSON or JWT) let clients discover the authorization server without out-of-band configuration.
• Visual Studio Code now supports this natively for registered MCP servers.

Acknowledgements

This article is based on Den Delimarsky's insightful talk at the Session: Building Protected MCP Servers, where he demonstrated Microsoft's streamlined C# SDK for secure MCP server implementation.

Special thanks to the Anthropic team and the broader MCP developer community for advancing open, modular agent security standards.

Written by Om-Shree-0709 (@Om-Shree-0709)