Support for Authorize attribute on tool class and functions #672

@wim-gdwi

In .NET APIs, often in combination with OAuth/token authentication, it is customary to map claims to roles and perform role-based authentication in the solution. For example, the controller below:

  • Authorize with (optional) roles attribute on class level
  • Authorize with (optional) roles attribute on function level

```csharp
namespace OfficeConnect.Api
{
    [ApiController]
    [Route("api/[controller]")]
    [Authorize(Roles = "Dossier.Read")]
    public class DossierController : ControllerBase
    {

        private readonly ILogger<DossierController> _logger;
        private readonly DossierHandler _dossierHandler;

        public DossierController(ILogger<DossierController> logger, DossierHandler dossierHandler)
        ...

        [HttpGet]
        ...

        [HttpPost]
        [Authorize(Roles = "Dossier.Write")]
        ....
    }
}
```

It would be nice and very .NET-like to have this also on the level of the MCP tool type definition in a similar way, so that roles are automatically validated but also, for example, the "list" adjusts its content depending on the provided authentication token. In combination with OAuth, this significantly reduces the implementation time for secure MCP servers and uses well-known techniques for .NET developers.

```csharp
namespace OfficeConnect.Api.Tools
{
    [McpServerToolType]
    [Authorize(Roles = "Dossier.Read")]
    public class DossierTool
    {
        private readonly ILogger<DossierTool> _logger;
        private readonly DossierHandler _dossierClient;

        public DossierTool(ILogger<DossierTool> logger, DossierHandler dossierClient)
        ...

        // We are returning the HashcodeInfo object directly, which gets serialized to json automatically. The LLM is able to understand this object well
        [McpServerTool, Description("Get dossier summary by hash code")]
        ...

        [McpServerTool, Description("Create new dossier")]
        [Authorize(Roles = "Dossier.Write")]
        ...
    }
}
```
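
Added example, not part of the issue and not the project's code: a console sketch of the requested behaviour, where one role predicate decides both which tools a caller sees in the "list" and whether a call is allowed. `ToolAttribute`, `AuthorizeAttribute`, `ToolGate` and the `DossierTool` bodies are local stand-ins (assumptions), and the role semantics follow ASP.NET Core's convention that stacked `[Authorize]` attributes must all pass while comma-separated roles in one attribute are alternatives.

```csharp
// Added illustration. AuthorizeAttribute and ToolAttribute are local stand-ins so this
// builds as a plain console program (top-level statements, .NET 6+); they are not SDK types.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Security.Claims;

var users = new (string Name, ClaimsPrincipal User)[] {   // constructed sample callers
    ("reader", Principal("Dossier.Read")),
    ("writer", Principal("Dossier.Read", "Dossier.Write")),
    ("no-roles", Principal()) };
foreach (var (name, user) in users)
    Console.WriteLine($"{name}: [{string.Join(", ", ToolGate.Visible(typeof(DossierTool), user))}]");
try { ToolGate.Invoke(new DossierTool(), "Create", users[0].User, "demo"); }
catch (UnauthorizedAccessException e) { Console.WriteLine($"reader -> Create: {e.Message}"); }

static ClaimsPrincipal Principal(params string[] roles) =>
    new(new ClaimsIdentity(roles.Select(r => new Claim(ClaimTypes.Role, r)), "Bearer"));

static class ToolGate
{
    // Class-level and method-level attributes stack (AND); roles in one attribute are alternatives (OR).
    public static bool IsAllowed(MethodInfo tool, ClaimsPrincipal user) =>
        tool.DeclaringType!.GetCustomAttributes<AuthorizeAttribute>()
            .Concat(tool.GetCustomAttributes<AuthorizeAttribute>())
            .All(a => string.IsNullOrWhiteSpace(a.Roles)
                ? user.Identity?.IsAuthenticated == true
                : a.Roles.Split(',', StringSplitOptions.TrimEntries).Any(user.IsInRole));

    // Listing uses the same predicate as invocation, so a hidden tool is also uncallable.
    public static IEnumerable<string> Visible(Type toolType, ClaimsPrincipal user) =>
        toolType.GetMethods().Where(m => m.IsDefined(typeof(ToolAttribute)) && IsAllowed(m, user))
                .Select(m => m.Name);

    public static object? Invoke(object target, string name, ClaimsPrincipal user, params object[] args)
    {
        var m = target.GetType().GetMethod(name);
        if (m is null || !m.IsDefined(typeof(ToolAttribute)) || !IsAllowed(m, user))
            throw new UnauthorizedAccessException($"Tool '{name}' is not available to this caller.");
        return m.Invoke(target, args);
    }
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
sealed class AuthorizeAttribute : Attribute { public string? Roles { get; set; } }
[AttributeUsage(AttributeTargets.Method)] sealed class ToolAttribute : Attribute { }
[Authorize(Roles = "Dossier.Read")]
class DossierTool
{
    [Tool] public string GetSummary(string hashCode) => $"summary for {hashCode}";
    [Tool, Authorize(Roles = "Dossier.Write")] public string Create(string title) => $"created {title}";
}
```

Unknown and unauthorized tool names produce the same error, so the call path does not reveal tools that the list filter hides.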

Labels: enhancement (New feature or request)