DotNet MCP Server Demo

using Microsoft.AspNetCore.Authentication; using Microsoft.Extensions.Options; using System.Security.Claims; using System.Text; using System.Text.Encodings.Web; namespace MCPDemo.Services { public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions> { public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder) : base(options, logger, encoder) { } protected override Task<AuthenticateResult> HandleAuthenticateAsync() { if (!Request.Headers.ContainsKey("Authorization")) { return Task.FromResult(AuthenticateResult.Fail("Missing Authorization Header")); } try { var authHeader = Request.Headers["Authorization"].ToString(); if (!authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) { return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header")); } var token = authHeader.Substring("Basic ".Length).Trim(); var credentialString = Encoding.UTF8.GetString(Convert.FromBase64String(token)); var credentials = credentialString.Split(':', 2); if (credentials.Length != 2) { return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header")); } var username = credentials[0]; var password = credentials[1]; // Simple hardcoded credentials for demo purposes // In production, you would validate against a database or external service if (username == "admin" && password == "password123") { var claims = new[] { new Claim(ClaimTypes.NameIdentifier, username), new Claim(ClaimTypes.Name, username), }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); return Task.FromResult(AuthenticateResult.Success(ticket)); } return Task.FromResult(AuthenticateResult.Fail("Invalid Username or Password")); } catch { return Task.FromResult(AuthenticateResult.Fail("Invalid Authorization Header")); } } } }