Add middleware and authz support for server-side handlers

Author: halter73

Directory.Packages.props

@@ -66,8 +66,8 @@
     <PackageVersion Include="OpenTelemetry.Exporter.InMemory" Version="1.12.0" />
     <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.12.0" />
     <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.12.0" />
-    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.12.0"  />
-    <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.12.0"  />
+    <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.12.0" />
+    <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.12.0" />
     <PackageVersion Include="Serilog.Extensions.Hosting" Version="9.0.0" />
     <PackageVersion Include="Serilog.Extensions.Logging" Version="9.0.1" />
     <PackageVersion Include="Serilog.Sinks.Console" Version="6.0.0" />

docs/FILTERS.md

@@ -0,0 +1,117 @@
+# MCP Server Handler Filters
+
+This document describes the filter functionality in the MCP Server, which allows you to add middleware-style filters to handler pipelines.
+
+## Overview
+
+For each handler type in the MCP Server, there are corresponding `AddXXXFilter` methods in `McpServerBuilderExtensions.cs` that allow you to add filters to the handler pipeline. The filters are stored in `McpServerOptions.Filters` and applied during server configuration.
+
+## Available Filter Methods
+
+The following filter methods are available:
+
+- `AddListResourceTemplatesFilter` - Filter for list resource templates handlers
+- `AddListToolsFilter` - Filter for list tools handlers
+- `AddCallToolFilter` - Filter for call tool handlers
+- `AddListPromptsFilter` - Filter for list prompts handlers
+- `AddGetPromptFilter` - Filter for get prompt handlers
+- `AddListResourcesFilter` - Filter for list resources handlers
+- `AddReadResourceFilter` - Filter for read resource handlers
+- `AddCompleteFilter` - Filter for completion handlers
+- `AddSubscribeToResourcesFilter` - Filter for resource subscription handlers
+- `AddUnsubscribeFromResourcesFilter` - Filter for resource unsubscription handlers
+- `AddSetLoggingLevelFilter` - Filter for logging level handlers
+
+## Usage
+
+Filters are functions that take a handler and return a new handler, allowing you to wrap the original handler with additional functionality:
+
+```csharp
+services.AddMcpServer()
+    .WithListToolsHandler(async (context, cancellationToken) =>
+    {
+        // Your base handler logic
+        return new ListToolsResult { Tools = GetTools() };
+    })
+    .AddListToolsFilter(next => async (context, cancellationToken) =>
+    {
+        // Pre-processing logic
+        Console.WriteLine("Before handler execution");
+
+        var result = await next(context, cancellationToken);
+
+        // Post-processing logic
+        Console.WriteLine("After handler execution");
+        return result;
+    });
+```
+
+## Filter Execution Order
+
+```csharp
+services.AddMcpServer()
+    .WithListToolsHandler(baseHandler)
+    .AddListToolsFilter(filter1)  // Executes first (outermost)
+    .AddListToolsFilter(filter2)  // Executes second
+    .AddListToolsFilter(filter3); // Executes third (closest to handler)
+```
+
+Execution flow: `filter1 -> filter2 -> filter3 -> baseHandler -> filter3 -> filter2 -> filter1`
+
+## Common Use Cases
+
+### Logging
+```csharp
+.AddListToolsFilter(next => async (context, cancellationToken) =>
+{
+    Console.WriteLine($"Processing request from {context.Meta.ProgressToken}");
+    var result = await next(context, cancellationToken);
+    Console.WriteLine($"Returning {result.Tools?.Count ?? 0} tools");
+    return result;
+});
+```
+
+### Error Handling
+```csharp
+.AddCallToolFilter(next => async (context, cancellationToken) =>
+{
+    try
+    {
+        return await next(context, cancellationToken);
+    }
+    catch (Exception ex)
+    {
+        return new CallToolResult
+        {
+            Content = new[] { new TextContent { Type = "text", Text = $"Error: {ex.Message}" } },
+            IsError = true
+        };
+    }
+});
+```
+
+### Performance Monitoring
+```csharp
+.AddListToolsFilter(next => async (context, cancellationToken) =>
+{
+    var stopwatch = Stopwatch.StartNew();
+    var result = await next(context, cancellationToken);
+    stopwatch.Stop();
+    Console.WriteLine($"Handler took {stopwatch.ElapsedMilliseconds}ms");
+    return result;
+});
+```
+
+### Caching
+```csharp
+.AddListResourcesFilter(next => async (context, cancellationToken) =>
+{
+    var cacheKey = $"resources:{context.Params.Cursor}";
+    if (cache.TryGetValue(cacheKey, out var cached))
+        return cached;
+
+    var result = await next(context, cancellationToken);
+    cache.Set(cacheKey, result, TimeSpan.FromMinutes(5));
+    return result;
+});
+```

samples/AspNetCoreMcpServer/Properties/launchSettings.json

@@ -7,7 +7,7 @@
       "applicationUrl": "http://localhost:3001",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "OTEL_SERVICE_NAME": "aspnetcore-mcp-server",
+        "OTEL_SERVICE_NAME": "aspnetcore-mcp-server"
       }
     },
     "https": {
@@ -16,7 +16,7 @@
       "applicationUrl": "https://localhost:7133;http://localhost:3001",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development",
-        "OTEL_SERVICE_NAME": "aspnetcore-mcp-server",
+        "OTEL_SERVICE_NAME": "aspnetcore-mcp-server"
       }
     }
   }

src/ModelContextProtocol.AspNetCore/AuthorizationFilterSetup.cs

@@ -0,0 +1,222 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using ModelContextProtocol.Protocol;
+using ModelContextProtocol.Server;
+
+namespace ModelContextProtocol.AspNetCore;
+
+/// <summary>
+/// Evaluates authorization policies from endpoint metadata.
+/// </summary>
+internal sealed class AuthorizationFilterSetup(IAuthorizationPolicyProvider? policyProvider = null) : IConfigureOptions<McpServerOptions>
+{
+    public void Configure(McpServerOptions options)
+    {
+        ConfigureListToolsFilter(options);
+        ConfigureCallToolFilter(options);
+
+        ConfigureListResourcesFilter(options);
+        ConfigureListResourceTemplatesFilter(options);
+        ConfigureReadResourceFilter(options);
+
+        ConfigureListPromptsFilter(options);
+        ConfigureGetPromptFilter(options);
+    }
+
+    private void ConfigureListToolsFilter(McpServerOptions options)
+    {
+        options.Filters.ListToolsFilters.Add(next => async (context, cancellationToken) =>
+        {
+            var result = await next(context, cancellationToken);
+            await FilterAuthorizedItemsAsync(
+                result.Tools, static tool => tool.McpServerTool,
+                context.User, context.Services, context);
+            return result;
+        });
+    }
+
+    private void ConfigureCallToolFilter(McpServerOptions options)
+    {
+        options.Filters.CallToolFilters.Add(next => async (context, cancellationToken) =>
+        {
+            var authResult = await GetAuthorizationResultAsync(context.User, context.MatchedPrimitive, context.Services, context);
+            if (!authResult.Succeeded)
+            {
+                return new CallToolResult
+                {
+                    Content = [new TextContentBlock { Text = "Access forbidden: This tool requires authorization." }],
+                    IsError = true
+                };
+            }
+
+            return await next(context, cancellationToken);
+        });
+    }
+
+    private void ConfigureListResourcesFilter(McpServerOptions options)
+    {
+        options.Filters.ListResourcesFilters.Add(next => async (context, cancellationToken) =>
+        {
+            var result = await next(context, cancellationToken);
+            await FilterAuthorizedItemsAsync(
+                result.Resources, static resource => resource.McpServerResource,
+                context.User, context.Services, context);
+            return result;
+        });
+    }
+
+    private void ConfigureListResourceTemplatesFilter(McpServerOptions options)
+    {
+        options.Filters.ListResourceTemplatesFilters.Add(next => async (context, cancellationToken) =>
+        {
+            var result = await next(context, cancellationToken);
+            await FilterAuthorizedItemsAsync(
+                result.ResourceTemplates, static resourceTemplate => resourceTemplate.McpServerResource,
+                context.User, context.Services, context);
+            return result;
+        });
+    }
+
+    private void ConfigureReadResourceFilter(McpServerOptions options)
+    {
+        options.Filters.ReadResourceFilters.Add(next => async (context, cancellationToken) =>
+        {
+            var authResult = await GetAuthorizationResultAsync(context.User, context.MatchedPrimitive, context.Services, context);
+            if (!authResult.Succeeded)
+            {
+                throw new McpException("Access forbidden: This resource requires authorization.", McpErrorCode.InvalidRequest);
+            }
+
+            return await next(context, cancellationToken);
+        });
+    }
+
+    private void ConfigureListPromptsFilter(McpServerOptions options)
+    {
+        options.Filters.ListPromptsFilters.Add(next => async (context, cancellationToken) =>
+        {
+            var result = await next(context, cancellationToken);
+            await FilterAuthorizedItemsAsync(
+                result.Prompts, static prompt => prompt.McpServerPrompt,
+                context.User, context.Services, context);
+            return result;
+        });
+    }
+
+    private void ConfigureGetPromptFilter(McpServerOptions options)
+    {
+        options.Filters.GetPromptFilters.Add(next => async (context, cancellationToken) =>
+        {
+            var authResult = await GetAuthorizationResultAsync(context.User, context.MatchedPrimitive, context.Services, context);
+            if (!authResult.Succeeded)
+            {
+                throw new McpException("Access forbidden: This prompt requires authorization.", McpErrorCode.InvalidRequest);
+            }
+
+            return await next(context, cancellationToken);
+        });
+    }
+
+    /// <summary>
+    /// Filters a collection of items based on authorization policies in their metadata.
+    /// For list operations where we need to filter results by authorization.
+    /// </summary>
+    private async ValueTask FilterAuthorizedItemsAsync<T>(IList<T> items, Func<T, IMcpServerPrimitive?> primitiveSelector,
+        ClaimsPrincipal? user, IServiceProvider? requestServices, object context)
+    {
+        for (int i = items.Count - 1; i >= 0; i--)
+        {
+            var authorizationResult = await GetAuthorizationResultAsync(
+                user, primitiveSelector(items[i]), requestServices, context);
+
+            if (!authorizationResult.Succeeded)
+            {
+                items.RemoveAt(i);
+            }
+        }
+    }
+
+    private async ValueTask<AuthorizationResult> GetAuthorizationResultAsync(
+        ClaimsPrincipal? user, IMcpServerPrimitive? primitive, IServiceProvider? requestServices, object context)
+    {
+        // If no primitive was found for this request or there is IAllowAnonymous metadata anywhere on the class or method,
+        // the request should go through as normal.
+        if (primitive is null || primitive.Metadata.Any(static m => m is IAllowAnonymous))
+        {
+            return AuthorizationResult.Success();
+        }
+
+        // There are no [Authorize] style attributes applied to the method or containing class. Any fallback policies
+        // have already been enforced at the HTTP request level by the ASP.NET Core authorization middleware.
+        if (!primitive.Metadata.Any(static m => m is IAuthorizeData or AuthorizationPolicy or IAuthorizationRequirementData))
+        {
+            return AuthorizationResult.Success();
+        }
+
+        if (policyProvider is null)
+        {
+            throw new InvalidOperationException($"You must call AddAuthorization() because an authorization related attribute was found on {primitive.Id}");
+        }
+
+        // TODO: Cache policy lookup. We would probably use a singleton (not-static) ConditionalWeakTable<IMcpServerPrimitive, AuthorizationPolicy?>.
+        var policy = await CombineAsync(policyProvider, primitive.Metadata);
+        if (policy is null)
+        {
+            return AuthorizationResult.Success();
+        }
+
+        if (requestServices is null)
+        {
+            // The IAuthorizationPolicyProvider service must be non-null to get to this line, so it's very unexpected for RequestContext.Services to not be set.
+            throw new InvalidOperationException("RequestContext.Services is not set! The IMcpServer must be initialized with a non-null IServiceProvider.");
+        }
+
+        // ASP.NET Core's AuthorizationMiddleware resolves the IAuthorizationService from scoped request services, so we do the same.
+        var authService = requestServices.GetRequiredService<IAuthorizationService>();
+        return await authService.AuthorizeAsync(user ?? new ClaimsPrincipal(new ClaimsIdentity()), context, policy);
+    }
+
+    /// <summary>
+    /// Combines authorization policies and requirements from endpoint metadata without considering <see cref="IAllowAnonymous"/>.
+    /// </summary>
+    /// <param name="policyProvider">The authorization policy provider.</param>
+    /// <param name="endpointMetadata">The endpoint metadata collection.</param>
+    /// <returns>The combined authorization policy, or null if no authorization is required.</returns>
+    private static async ValueTask<AuthorizationPolicy?> CombineAsync(IAuthorizationPolicyProvider policyProvider, IReadOnlyList<object> endpointMetadata)
+    {
+        // https://github.com/dotnet/aspnetcore/issues/63365 tracks adding this as public API to AuthorizationPolicy itself.
+        // Copied from https://github.com/dotnet/aspnetcore/blob/9f2977bf9cfb539820983bda3bedf81c8cda9f20/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs#L116-L138
+        var authorizeData = endpointMetadata.OfType<IAuthorizeData>();
+        var policies = endpointMetadata.OfType<AuthorizationPolicy>();
+
+        var policy = await AuthorizationPolicy.CombineAsync(policyProvider, authorizeData, policies);
+
+        AuthorizationPolicyBuilder? reqPolicyBuilder = null;
+
+        foreach (var m in endpointMetadata)
+        {
+            if (m is not IAuthorizationRequirementData requirementData)
+            {
+                continue;
+            }
+
+            reqPolicyBuilder ??= new AuthorizationPolicyBuilder();
+            foreach (var requirement in requirementData.GetRequirements())
+            {
+                reqPolicyBuilder.AddRequirements(requirement);
+            }
+        }
+
+        if (reqPolicyBuilder is null)
+        {
+            return policy;
+        }
+
+        // Combine policy with requirements or just use requirements if no policy
+        return (policy is null)
+            ? reqPolicyBuilder.Build()
+            : AuthorizationPolicy.Combine(policy, reqPolicyBuilder.Build());
+    }
+}

src/ModelContextProtocol.AspNetCore/HttpMcpServerBuilderExtensions.cs

@@ -1,4 +1,5 @@
 using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
 using ModelContextProtocol.AspNetCore;
 using ModelContextProtocol.Server;
 
@@ -29,6 +30,9 @@ public static IMcpServerBuilder WithHttpTransport(this IMcpServerBuilder builder
         builder.Services.AddHostedService<IdleTrackingBackgroundService>();
         builder.Services.AddDataProtection();
 
+        // Register authorization filter setup for automatic filter configuration
+        builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IConfigureOptions<McpServerOptions>, AuthorizationFilterSetup>());
+
         if (configureOptions is not null)
         {
             builder.Services.Configure(configureOptions);