WIP Sample

Author: halter73

samples/AspNetCoreMcpServer/ApiKeyStore.cs

@@ -0,0 +1,18 @@
+using System.Collections.Concurrent;
+
+namespace AspNetCoreMcpServer;
+
+public class ApiKeyStore
+{
+    private readonly ConcurrentDictionary<string, string> _keys = new();
+
+    public void SaveKey(string id, string key)
+    {
+        _keys[id] = key;
+    }
+
+    public string? GetKey(string id)
+    {
+        return _keys.TryGetValue(id, out var key) ? key : null;
+    }
+}

samples/AspNetCoreMcpServer/AspNetCoreMcpServer.csproj

@@ -4,7 +4,6 @@
     <TargetFramework>net9.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
-    <PublishAot>true</PublishAot>
   </PropertyGroup>
 
   <ItemGroup>

samples/AspNetCoreMcpServer/Components/App.razor

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <base href="/" />
+    <title>AspNetCoreMcpServer</title>
+    <HeadOutlet />
+</head>
+
+<body>
+    <Routes />
+    <script src="_framework/blazor.web.js"></script>
+</body>
+
+</html>

samples/AspNetCoreMcpServer/Components/Pages/ApiKeyPage.razor

@@ -0,0 +1,42 @@
+@page "/apikey"
+@inject ApiKeyStore KeyStore
+
+<h3>Enter API Key</h3>
+
+@if (Submitted)
+{
+    <p>API Key saved. You can close this window and return to the client.</p>
+}
+else
+{
+    <form method="post" @formname="apikey-form" @onsubmit="Submit">
+        <AntiforgeryToken />
+        <input type="hidden" name="Id" value="@Id" />
+        <div>
+            <label>
+                API Key:
+                <input type="text" name="Key" @bind="Key" />
+            </label>
+        </div>
+        <button type="submit">Submit</button>
+    </form>
+}
+
+@code {
+    [SupplyParameterFromQuery]
+    public string? Id { get; set; }
+
+    [SupplyParameterFromForm]
+    public string? Key { get; set; }
+
+    public bool Submitted { get; set; }
+
+    private void Submit()
+    {
+        if (!string.IsNullOrEmpty(Id) && !string.IsNullOrEmpty(Key))
+        {
+            KeyStore.SaveKey(Id, Key);
+            Submitted = true;
+        }
+    }
+}

samples/AspNetCoreMcpServer/Components/Routes.razor

@@ -0,0 +1,5 @@
+<Router AppAssembly="typeof(Program).Assembly">
+    <Found Context="routeData">
+        <RouteView RouteData="routeData" />
+    </Found>
+</Router>

samples/AspNetCoreMcpServer/Components/_Imports.razor

@@ -0,0 +1,8 @@
+@using System.Net.Http
+@using System.Net.Http.Json
+@using Microsoft.AspNetCore.Components.Forms
+@using Microsoft.AspNetCore.Components.Routing
+@using Microsoft.AspNetCore.Components.Web
+@using Microsoft.JSInterop
+@using AspNetCoreMcpServer
+@using AspNetCoreMcpServer.Components

samples/AspNetCoreMcpServer/Program.cs

@@ -4,10 +4,19 @@
 using AspNetCoreMcpServer.Tools;
 using AspNetCoreMcpServer.Resources;
 using System.Net.Http.Headers;
+using AspNetCoreMcpServer;
+using AspNetCoreMcpServer.Components;
+using ModelContextProtocol.Protocol;
 
 var builder = WebApplication.CreateBuilder(args);
+
+builder.Services.AddSingleton<ApiKeyStore>();
+builder.Services.AddRazorComponents();
+builder.Services.AddHttpContextAccessor();
+
 builder.Services.AddMcpServer()
     .WithHttpTransport()
+    .WithTools<UrlElicitationTool>()
     .WithTools<EchoTool>()
     .WithTools<SampleLlmTool>()
     .WithTools<WeatherTools>()
@@ -30,8 +39,21 @@
     client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue("weather-tool", "1.0"));
 });
 
+builder.Services.AddCors(options =>
+{
+    options.AddDefaultPolicy(policy =>
+    {
+        policy.AllowAnyOrigin()
+              .AllowAnyHeader()
+              .AllowAnyMethod();
+    });
+});
+
 var app = builder.Build();
 
+app.UseAntiforgery();
+app.UseCors();
+app.MapRazorComponents<App>();
 app.MapMcp();
 
 app.Run();

samples/AspNetCoreMcpServer/Tools/UrlElicitationTool.cs

@@ -0,0 +1,52 @@
+using ModelContextProtocol;
+using ModelContextProtocol.Protocol;
+using ModelContextProtocol.Server;
+using System.ComponentModel;
+
+namespace AspNetCoreMcpServer.Tools;
+
+[McpServerToolType]
+public class UrlElicitationTool(ApiKeyStore apiKeyStore, IHttpContextAccessor httpContextAccessor, ILogger<UrlElicitationTool> logger)
+{
+    [McpServerTool, Description("Requests an API Key from the user via out-of-band elicitation.")]
+    public async Task<string> NeedsApiKey(McpServer server, CancellationToken cancellationToken)
+    {
+        var httpContext = httpContextAccessor.HttpContext;
+        if (httpContext == null)
+        {
+             throw new InvalidOperationException("No HttpContext available.");
+        }
+
+        var elicitationId = Guid.NewGuid().ToString();
+        var request = httpContext.Request;
+        var baseUrl = $"{request.Scheme}://{request.Host}";
+        var url = $"{baseUrl}/apikey?id={elicitationId}";
+
+        if (server.ClientCapabilities?.Elicitation?.Url is null)
+        {
+            //throw new McpException("Client does not support URL elicitation.");
+        }
+
+        var result = await server.ElicitAsync(new ElicitRequestParams
+        {
+            Mode = "url",
+            ElicitationId = elicitationId,
+            Url = url,
+            Message = "Please provide your API Key to continue."
+        }, cancellationToken);
+
+        if (!result.IsAccepted)
+        {
+            throw new McpException("User declined to provide API Key.");
+        }
+
+        var key = apiKeyStore.GetKey(elicitationId);
+        if (key is null)
+        {
+            throw new McpException("User accepted but no key found.");
+        }
+
+        logger.LogInformation("Received API Key for session: {SessionId}", server.SessionId);
+        return "API Key received and stored.";
+    }
+}