Creating AI Agents Using the Model Context Protocol: A Comprehensive Guide to Implementation with C#
This article provides a hands-on tutorial for building AI agents using the Model Context Protocol (MCP) and C#, an open standard that enables Large Language Models (LLMs)
Join the DZone community and get the full member experience.
Join For FreeThe fast development of Large Language Models (LLMs) has permanently changed artificial intelligence applications because it provides capabilities for natural language understanding and generation along with reasoning abilities. The remarkable achievements of LLMs remain limited because these models cannot access real-time data sources nor utilize external computational tools [2]. The isolation prevents these models from delivering up-to-date information while restricting their capacity to work with evolving systems and to execute tasks beyond text generation.
The current methods for resolving this problem require developers to build application-specific connections for each data source or tool, leading to complex systems that are difficult to manage, scale, and standardize across AI applications. Implementing communication protocols, authentication mechanisms, and data transformation logic requires custom work for each integration project, resulting in high development costs and system incompatibility across systems [3].
The Model Context Protocol solves these problems through its universal interface standard, which enables external resource connections for AI systems. MCP operates on a basic principle: creating an "AI application USB-C port" that enables any MCP-compliant client to connect to any MCP-compliant server without knowledge of implementation specifics [1].
Through its standardization approach, the MCP provides essential benefits to developers who build AI agents. The API surface remains uniform across all connections, simplifying the integration of multiple data sources. The standardized authentication and authorization mechanisms improve security and privacy controls. Standardization enables the creation of reusable components that organizations and various AI applications can use.
MCP offers advantages that extend past functional usability. The standard protocol of MCP enables the development of an ecosystem that enables AI agents to shift between various tools and data sources without losing context and state. Building sophisticated AI agents — which need to execute complex multi-step tasks — demands the ability to interact with multiple systems.
The C# programming language and .NET ecosystem represent an optimal foundation for developing MCP-based AI agents. The official C# SDK is a collaborative project between Anthropic and Microsoft that leverages modern .NET application capabilities for dependency injection, hosting, and configuration [4]. Integration enables developers to create scalable, maintainable AI agents that operate across diverse deployment environments, from local development machines to cloud-based production systems.
The document provides a comprehensive manual for establishing and deploying MCP-based AI agents in C#. This paper investigates the protocol architecture, examines implementation patterns, and demonstrates how to develop effective AI agents using MCP features while meeting security, performance, and maintenance requirements.
Model Context Protocol Fundamentals
The Model Context Protocol bases its structure on widely recognized communication standards and design principles that aim to achieve interoperability, together with security and extendibility. The MCP utilizes JSON-RPC 2.0 as its message format, which provides an efficient yet powerful framework for remote procedure calls between clients and servers [5]. The designers made a conscious choice to adopt established, proven technologies rather than developing fresh communication approaches.
The protocol architecture uses a client-server model in which AI applications (hosts) run MCP clients that connect to MCP servers. Through these servers' various capabilities, including resources, tools, and prompts, they become accessible to connected clients. The system components maintain an asymmetric structure because clients begin the connection process before making requests to servers, while servers only respond to requests and have the option to start sampling requests [1].
MCP incorporates fundamental elements from the Language Server Protocol (LSP), which standardized development tool interactions with programming language services across the entire software development ecosystem [6]. MCP functions similarly to LSP by allowing any AI application to connect to any data source or tool using standardized interfaces.
The protocol's architecture establishes capability negotiation as its essential mechanism to ensure compatibility between clients and servers. Both parties conduct an initial connection handshake to exchange capability information and determine their mutually available functions. The negotiation procedure allows systems to maintain connectivity when clients or servers implement different feature sets despite version conflicts and capability discrepancies [7].
Security and trust considerations are deeply embedded in MCP's architectural design.
The protocol recognizes its ability to deliver strong capabilities through arbitrary data access and code execution, which demands strict focus on user consent, data privacy, and tool safety [1]. The security considerations form essential design elements of the protocol, which enable safe deployment of MCP-based systems in production environments.
Core Components and Capabilities
The MCP system includes multiple essential elements that function together to achieve full integration between AI systems and external resources. The successful development of MCP-based AI agents requires a thorough understanding of these components.
Resources act as the primary data access tool within MCP. Through resources, servers can present standardized content and contextual information to both AI models and users. Every resource receives its own distinctive URI, which enables identification and represents content ranging from basic text files to complicated structured information. The resource abstraction system enables servers to distribute data without requiring clients to understand storage methods or access protocols [8].
Resources deliver both permanent and dynamic content to users. Static resources consist of stable content that remains unmodified for most periods of time and includes documentation and configuration files. The second category of resources includes dynamic content that produces output from present system data and external environmental factors, thus allowing real-time information integration.
MCP servers function as data bridges between AI systems, live databases, APIs, and monitoring systems because they offer this flexibility.
The action-oriented component of MCP comprises tools that enable AI models to run functions and execute operations within connected systems. The definition process of tools includes complete schema details that define their required input parameters, together with expected output results and behavioral descriptions. The schema-driven model enables AI models to understand tool usage correctly while preserving type safety and validation [9].
MCP tool execution mechanisms prioritize both system safety and user management as their fundamental design principles. Users must grant explicit permission before tool invocations can proceed, and the protocol permits users to inspect the tool use before running it. AI agents can execute sophisticated automation tasks through this approach while maintaining protection from unauthorized activities.
Through Prompts, servers can reveal pre-built communication templates as well as workflow templates that AI applications can use. Resources and tools exist mainly to feed AI models, but prompts exist to support human-AI interaction by offering structured templates for tasks and queries. The templates contain customizable parameters that obtain their values from the current context [10].
Through the prompt system, developers can create reusable interaction patterns that function across various AI applications. The functionality proves most beneficial for organizations that need to establish standard AI interactions or create step-by-step assistance for users who lack proficiency in optimal prompt strategies.
Transport Layer and Communication Mechanisms
MCP's transport layer provides the foundation for communication between clients and servers, supporting multiple transport mechanisms to accommodate different deployment scenarios and requirements. The protocol's transport-agnostic design ensures that the same application logic can work across various communication channels without modification.
Standard Input/Output (stdio) Transport represents the most common transport mechanism for MCP implementations. This approach leverages the universal availability of standard input and output streams across all operating systems and programming environments. Stdio transport is particularly well-suited for local development scenarios and situations where MCP servers are deployed as separate processes that can be launched and managed by the client application [11].
The stdio transport model offers several advantages for development and testing. It enables straightforward debugging via standard logging mechanisms, supports simple lifecycle management for processes, and requires minimal configuration. Additionally, stdio transport naturally provides process isolation, ensuring that server failures do not directly impact client applications.
HTTP Transport extends MCP's reach to distributed systems and web-based deployments. By supporting standard HTTP protocols, MCP servers can be deployed as web services accessible from any network-connected client. This transport mechanism enables scenarios such as shared MCP servers that serve multiple client applications or cloud-based deployments where servers and clients operate in different environments [12]. HTTP transport introduces additional considerations around authentication, authorization, and network security. MCP's design accommodates these requirements through extensible header mechanisms and support for standard HTTP security practices. The protocol also defines specific requirements for handling HTTP-specific concerns such as connection pooling, timeout management, and error handling.
Server-Sent Events (SSE) Transport provides a hybrid approach that combines the benefits of HTTP-based communication with real-time streaming capabilities. SSE transport enables servers to push updates to clients without requiring constant polling, making it ideal for scenarios involving real-time data feeds or long-running operations [13]. The SSE transport mechanism is particularly valuable for AI agents that need to maintain awareness of changing external conditions or receive notifications about relevant events. This capability enables the development of more responsive and context-aware AI systems that can react to external changes without requiring explicit user intervention.
Figure 1: Model Context Protocol Architecture showing the relationship between hosts,
clients, servers, and external systems through the protocol layer.
C# SDK Implementation and Architecture
The official C# SDK for the Model Context Protocol represents a complete implementation that utilizes all features of the .NET ecosystem. The SDK exists as three separate packages, which Anthropic and Microsoft developed together to serve different application needs and deployment requirements [14].
The ModelContextProtocol package functions as the main starting point for most applications. The package includes hosting extensions and dependency injection integration together with high-level abstractions that follow modern .NET development standards. The package functions perfectly with Microsoft.Extensions.Hosting framework to let developers create MCP servers and clients through established patterns and conventions [15].
The ModelContextProtocol.Core package provides a simplified version for applications that need basic dependencies or want to execute low-level protocol operations directly. The package includes essential client and server APIs together with protocol type definitions and transport abstractions but excludes hosting and dependency injection features. The SDK supports various deployment scenarios due to its design, which enables deployment from simple console applications to complex distributed systems [16].
The ModelContextProtocol.AspNetCore package provides HTTP-based MCP server capabilities for ASP.NET Core applications. The package includes middleware and routing extensions and Server-Sent Events (SSE) support, which enables MCP servers to run as web services. The integration with ASP.NET Core's pipeline enables MCP servers to utilize the framework's built-in authentication and authorization features as well as logging and monitoring capabilities [17].
The SDK's modular design demonstrates a well-considered approach to SDK development that combines usability with adaptability. Developers select the required package according to their needs, so their applications contain only necessary dependencies. This method proves essential for cloud-native environments because it helps reduce resource usage and startup duration.
Dependency Injection and Service Configuration
The integration of the C# SDK with Microsoft's dependency injection framework represents one of its most significant architectural advantages. This integration enables developers to leverage the same patterns and practices they use in other .NET applications, reducing the learning curve and improving code maintainability [18]. The SDK provides extension methods that integrate seamlessly with the IServiceCollection interface, allowing MCP servers and clients to be configured alongside other application services. This approach enables sophisticated scenarios such as injecting external services into MCP tools, configuring multiple transport mechanisms, and implementing custom authentication and authorization logic. Service registration follows a fluent configuration pattern that enables developers to specify exactly which capabilities their MCP server should expose.
The WithToolsFromAssembly() method, for example, uses reflection to automatically discover and register methods marked with the McpServerTool attribute, eliminating the need for manual registration while maintaining type safety [19]. The dependency injection integration also enables sophisticated testing scenarios. Because MCP tools and resources are registered as services, they can be easily mocked or replaced with test implementations during unit testing. This capability is essential for building reliable, testable AI agents that can be validated independently of their external dependencies.
Transport Layer Implementation
The C# SDK includes transport features, which offer abstracted communication options for MCP interfaces. The abstraction enables the same application logic to work across multiple transport types without modification, thus providing deployment and integration flexibility [20].
Stdio Transport Implementation utilizes standard input and output streams, which are universally available, to provide a basic yet efficient communication system. The SDK handles all process management tasks and stream buffering and error handling to provide developers with a straightforward interface.
This transport type functions best for both local development environments and scenarios that include separate process-based MCP server deployment.
The stdio transport implementation provides both error detection and recovery functionality. The SDK responds to communication errors by providing specific error messages while it tries to restore the connection. The system needs to be robust in order to ensure production readiness since reliability stands as the main priority.
The HTTP Transport Implementation enables MCP to operate in distributed environments as well as web deployments. The SDK utilizes ASP.NET Core's established HTTP handling features to develop a robust and scalable base for HTTP-based MCP servers. This implementation provides support for common HTTP functions that include compression, caching, and connection pooling [21].
The HTTP transport implementation addresses specific difficulties that come with web-based AI agent deployment. Web-based AI applications can connect to MCP servers through cross-origin resource sharing (CORS) support, and production deployments use standard HTTP authentication mechanisms. The implementation includes complete logging and monitoring functions, which integrate with ASP.NET Core's built-in observability features.
Server-Sent Events (SSE) Transport delivers real-time streaming features along with HTTP-based communication advantages. The transport method delivers particular value to AI agents that need external condition monitoring and relevant event notification capabilities [22].
The C# SDK handles the complexities of long-lived connections through its SSE implementation, which provides developers with an easy programming model. The SDK manages connection lifecycles automatically, maintains smooth client disconnections, and provides tools for broadcasting updates to several connected clients.
Figure 2: MCP Communication Flow showing the sequence of interactions between
client and server components.
Practical Implementation Examples
This example illustrates the core concepts involved in constructing an MCP server using the C# SDK. This article demonstrates the simple setup needed to form a working MCP server with tools exposed to the clients that get connected.
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using ModelContextProtocol.Server;
using System.ComponentModel;
namespace MCPExamples
{
public class Program
{
public static async Task Main(string[] args)
{
var builder = Host.CreateApplicationBuilder(args);
// Configure logging to stderr for MCP compatibility
builder.Logging.AddConsole(consoleLogOptions =>
{
consoleLogOptions.LogToStandardErrorThreshold = LogLevel.Trace;
});
// Configure MCP server with stdio transport and tool discovery
builder.Services
.AddMcpServer()
.WithStdioServerTransport()
.WithToolsFromAssembly();
await builder.Build().RunAsync();
}
}
[McpServerToolType]
public static class BasicTools
{
[McpServerTool, Description("Echoes the provided message back to the
client")]
public static string Echo(
[Description("The message to echo back")] string message)
{
return $"Echo: {message}";
}
[McpServerTool, Description("Calculates the length of the provided
text")]
public static int TextLength(
[Description("The text to measure")] string text)
{
return text?.Length ?? 0;
}
}
}This basic implementation demonstrates several key concepts. The Host.CreateApplicationBuilder() method creates a .NET application that includes dependency injection and configuration and logging capabilities. The logging configuration directs output to standard error because standard output is reserved for protocol communication [23].
The AddMcpServer() extension method enables the necessary services for MCP server functionality, while WithStdioServerTransport() configures the server to use standard input/output for communication. We utilize the WithToolsFromAssembly() method. The tool discovery process automatically finds tools that have the required attributes, so manual registration becomes unnecessary.
The tool implementation shows how to expose functionality through attributes. A class becomes an MCP tool container when it receives the McpServerToolType attribute, and individual methods become tools through the McpServerTool attribute. The description attributes contain human-readable text, which helps AI models understand tool usage.
Advanced Server with External Service Integration
Most complex MCP servers need to connect with external databases and services and APIs. The following example shows how to create an MCP server that uses dependency injection to access external services while keeping business logic separate from the MCP-specific code.
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using ModelContextProtocol.Server;
using System.ComponentModel;
using System.Text.Json;
namespace MCPExamples.Advanced
{
public class Program
{
public static async Task Main(string[] args)
{
var builder = Host.CreateApplicationBuilder(args);
// Register external services
builder.Services.AddHttpClient();
builder.Services.AddSingleton<IWeatherService, WeatherService>();
builder.Services.AddSingleton<IDataAnalysisService,
DataAnalysisService>();
builder.Services
.AddMcpServer()
.WithStdioServerTransport()
.WithToolsFromAssembly()
.WithPromptsFromAssembly();
await builder.Build().RunAsync();
}
}
[McpServerToolType]
public static class AdvancedTools
{
[McpServerTool, Description("Gets current weather information for a
specified location")]
public static async Task<string> GetWeather(
IWeatherService weatherService,
[Description("The location to get weather for")] string location)
{
var weather = await weatherService.GetWeatherAsync(location);
return JsonSerializer.Serialize(weather, new JsonSerializerOptions
{ WriteIndented = true });
}
[McpServerTool, Description("Performs statistical analysis on numerical
data")]
public static async Task<string> AnalyzeData(
IDataAnalysisService analysisService,
[Description("Array of numerical values to analyze")] double[]
data)
{
var analysis = await analysisService.AnalyzeDataAsync(data);
var report = await analysisService.GenerateReportAsync(analysis);
return report;
}
}
}
The advanced example presents essential patterns for constructing production-ready MCP servers. The external services dependency injection through IWeatherService and IDataAnalysisService enables clean separation between MCP-specific logic and business logic. The code separation enables better testability and maintainability and allows business logic reuse between different contexts [24].
The use of interfaces for external services allows developers to create complex testing scenarios by replacing services with mock implementations during unit tests. This approach is
The method is key to creating dependable AI agents that can prove their functionality without external dependencies.
Client Implementation and Integration Patterns
The MCP clients enable AI applications to connect and communicate with MCP servers. The example below shows how to create a full MCP client able to detect and utilize server capabilities.
using ModelContextProtocol;
using ModelContextProtocol.Client;
using Microsoft.Extensions.AI;
using System.Text.Json;
namespace MCPExamples.Client
{
public class MCPClientExample
{
private IMcpClient? _client;
public async Task<bool> ConnectToServerAsync(string serverCommand,
string[] arguments)
{
try
{
var clientTransport = new StdioClientTransport(new
StdioClientTransportOptions
{
Name = "ExampleClient",
Command = serverCommand,
Arguments = arguments
});
_client = await McpClientFactory.CreateAsync(clientTransport);
return true;
}
catch (Exception ex)
{
Console.WriteLine($"Failed to connect to server:
{ex.Message}");
return false;
}
}
public async Task<string?> ExecuteToolAsync(string toolName,
Dictionary<string, object?> arguments)
{
if (_client == null) return null;
try
{
var result = await _client.CallToolAsync(toolName, arguments,
CancellationToken.None);
var textContent = result.Content.FirstOrDefault(c => c.Type ==
"text");
return textContent?.Text;
}
catch (Exception ex)
{
Console.WriteLine($"Error executing tool {toolName}:
{ex.Message}");
return null;
}
}
}
}
The client implementation presents basic patterns for MCP server connection and interaction. The StdioClientTransport configuration defines both server process launch methods and server process communication protocols while the McpClientFactory.CreateAsync() method handles server connection establishment and capability negotiation [25].
The tool execution pattern of ExecuteToolAsync() shows how to start server tools and process their outcomes. The method provides detailed error handling to let client applications handle server failures and communication problems properly.
using ModelContextProtocol;
using ModelContextProtocol.Client;
using Microsoft.Extensions.AI;
using System.Text.Json;
namespace MCPExamples.Client
{
public class MCPClientExample
{
private IMcpClient? _client;
public async Task<bool> ConnectToServerAsync(string serverCommand,
string[] arguments)
{
try
{
var clientTransport = new StdioClientTransport(new
StdioClientTransportOptions
{
Name = "ExampleClient",
Command = serverCommand,
Arguments = arguments
});
_client = await McpClientFactory.CreateAsync(clientTransport);
return true;
}
catch (Exception ex)
{
Console.WriteLine($"Failed to connect to server:
{ex.Message}");
return false;
}
}
public async Task<string?> ExecuteToolAsync(string toolName,
Dictionary<string, object?> arguments)
{
if (_client == null) return null;
try
{
var result = await _client.CallToolAsync(toolName, arguments,
CancellationToken.None);
var textContent = result.Content.FirstOrDefault(c => c.Type ==
"text");
return textContent?.Text;
}
catch (Exception ex)
{
Console.WriteLine($"Error executing tool {toolName}:
{ex.Message}");
return null;
}
}
}
}
The client implementation presents basic patterns for MCP server connection and interaction. The StdioClientTransport configuration defines both server process launch methods and server process communication protocols while the McpClientFactory.CreateAsync() method handles server connection establishment and capability negotiation [25].
The tool execution pattern of ExecuteToolAsync() shows how to start server tools and process their outcomes. The method provides detailed error handling to let client applications handle server failures and communication problems properly.
ASP. NET Core HTTP Server Implementation
The ASP.NET Core package offers complete HTTP-based MCP server support for scenarios that need web-based deployment or integration with existing web applications.
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using ModelContextProtocol.AspNetCore;
using ModelContextProtocol.Server;
namespace MCPExamples.AspNetCore
{
public class Program
{
public static void Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
// Configure services
builder.Services.AddHttpClient();
builder.Services.AddSingleton<IDocumentService, DocumentService>();
// Configure MCP server with HTTP transport
builder.Services
.AddMcpServer()
.WithHttpServerTransport()
.WithToolsFromAssembly();
// Add CORS for web client access
builder.Services.AddCors(options =>
{
options.AddDefaultPolicy(policy =>
{
policy.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
var app = builder.Build();
app.UseCors();
app.UseRouting();
app.MapMcpServer();
app.Run();
}
}
}
The ASP.NET Core package offers complete HTTP-based MCP server support for scenarios that need web-based deployment or integration with existing web applications.
The ASP.NET Core implementation shows how MCP servers can be incorporated into web applications. The WithHttpServerTransport() method sets up HTTP-based MCP communication for the server, and MapMcpServer() adds required endpoints to the ASP.NET Core routing system [26].
The ASP.NET Core implementation shows how MCP servers can be incorporated into web applications. The WithHttpServerTransport() method sets up HTTP-based MCP communication for the server, and MapMcpServer() adds required endpoints to the ASP.NET Core routing system [26].
The CORS configuration allows web-based AI applications to establish connections with the MCP server, thus enabling various client implementations. The capability serves as a crucial element for constructing AI agents that run inside web browsers and other web-based systems.
Security Considerations And Best Practices
Security Architecture and Trust Models
The design of the Model Context Protocol specifically addresses security risks that arise from allowing AI systems to access external data sources and execute arbitrary code. The security model of the protocol depends on user consent and control to allow users to maintain authority over data sharing and actions performed on their behalf [27].
The security architecture consists of multiple layers that protect different aspects of trust relationships between users and AI applications and external systems. MCP defines specific protocol-level boundaries that determine which responsibilities belong to clients and servers while requiring explicit authorization for sensitive operations. The client-server architecture establishes natural barriers between AI applications and external resources, which blocks unauthorized direct access to security controls.
User consent mechanisms establish the fundamental security framework of MCP. All tool invocations need user authorization for execution, and the protocol defines common methods for clients to show tool descriptions along with arguments to users before execution. The method allows users to understand the consequences of each action before execution while maintaining human oversight of AI agent activities [28].
The protocol design incorporates data privacy protections at every stage. Hosts need to get direct user permission before they can reveal user data to servers, and the protocol offers tools to manage data transmission to external systems. The implemented protections play a crucial role in enterprise environments because they help organizations maintain strict control over sensitive data while performing necessary audits.
Authentication and Authorization Patterns
The C# SDK enables developers to create flexible authentication and authorization systems for MCP-based systems. The security requirements determine how these mechanisms should be adapted to work with various authentication systems ranging from basic API key authentication to complex identity management systems for enterprises [29].
The SDK uses ASP.NET Core authentication and authorization features to support HTTP-based MCP servers. The standard authentication schemes JWT tokens, OAuth 2.0, and Azure Active Directory integration become available through this integration. The following example shows how to set up authentication for an HTTP-based MCP server:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration["Jwt:Issuer"],
ValidAudience = Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
};
});
services.AddAuthorization(options =>
{
options.AddPolicy("MCPAccess", policy =>
policy.RequireAuthenticatedUser()
.RequireClaim("scope", "mcp:read", "mcp:write"));
});
services.AddMcpServer()
.WithHttpServerTransport()
.WithToolsFromAssembly();
}
This configuration shows how standard .NET authentication patterns can be used for MCP servers to restrict server capabilities to authorized clients. The policy-based authorization system allows administrators to establish detailed permissions for user access to particular tools and resources.
The authentication process for stdio-based MCP servers happens at the process level through operating system security mechanisms. The SDK provides configuration options that let servers authenticate clients through environment variables and command-line arguments and configuration files. Process-level isolation works well for local development environments and similar security scenarios.
Input Validation and Sanitization
MCP servers require robust input validation because they handle user data entries and execute external commands. The C# SDK delivers multiple security protection features for complete input validation [30].
The attribute-based tool definition system enables standard .NET validation attributes for parameter validation through its built-in functionality. This example shows how to establish complete input validation for MCP tools:
[McpServerToolType]
public static class SecureTools
{
[McpServerTool, Description("Processes user data with comprehensive
validation")]
public static async Task<string> ProcessUserData(
[Description("User email address")]
[EmailAddress]
[Required]
string email,
[Description("User age")]
[Range(0, 150)]
int age,
[Description("User input text")]
[StringLength(1000, MinimumLength = 1)]
[RegularExpression(@"^[a-zA-Z0-9\s\.,!?-]*$")]
string inputText)
{
// Additional custom validation logic
if (ContainsSuspiciousContent(inputText))
{
throw new ArgumentException("Input contains potentially harmful
content");
}
// Process validated input
return await ProcessValidatedInput(email, age, inputText);
}
private static bool ContainsSuspiciousContent(string input)
{
var suspiciousPatterns = new[]
{
@"<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>",
@"javascript:",
@"vbscript:",
@"on\w+\s*="
};
return suspiciousPatterns.Any(pattern =>
Regex.IsMatch(input, pattern, RegexOptions.IgnoreCase));
}
}
This example shows different validation methods, starting with standard.NET validation attributes and extending to custom validation checks for dangerous content. The complete security approach enables MCP tools to accept user input safely without exposing system vulnerabilities to injection attacks or other security threats.
Error Handling and Logging
Security together with production issue diagnosis requires proper error handling and logging systems. The C# SDK connects to .NET's built-in logging framework to deliver complete observability features [31].
The SDK handles errors through an approach that combines security measures with user-friendly error messages that prevent attackers from obtaining sensitive information. The following example demonstrates secure error handling patterns:
[McpServerToolType]
public static class SecureErrorHandling
{
private static readonly ILogger _logger = LoggerFactory.Create(builder =>
builder.AddConsole()).CreateLogger<SecureErrorHandling>();
[McpServerTool, Description("Demonstrates secure error handling")]
public static async Task<string> SecureOperation(
[Description("Operation parameter")] string parameter)
{
try
{
// Log the operation attempt (without sensitive data)
_logger.LogInformation("Executing secure operation with parameter
length: {Length}",
parameter?.Length ?? 0);
// Perform the operation
var result = await PerformSensitiveOperation(parameter);
_logger.LogInformation("Secure operation completed successfully");
return result;
}
catch (ArgumentException ex)
{
// Log validation errors with details for debugging
_logger.LogWarning("Validation error in secure operation:
{Message}", ex.Message);
throw new McpException("Invalid parameter provided");
}
catch (UnauthorizedAccessException ex)
{
// Log security violations without exposing details
_logger.LogError("Unauthorized access attempt in secure
operation");
throw new McpException("Access denied");
}
catch (Exception ex)
{
// Log unexpected errors with full details for debugging
_logger.LogError(ex, "Unexpected error in secure operation");
throw new McpException("An error occurred while processing the
request");
}
}
}
This error-handling scheme guarantees that there is sufficient error information, and this is the case for the debugging and monitoring process without the disclosure of sensitive information through error messages. The use of structured logging allows efficient monitoring and alerting for production.
Performance Optimization and Scalability
Connection Management and Resource Optimization
An efficient connection management system is the key to enabling scalable MCP-based AI agents. Multiple tools are also provided by C# SDK to allow users to optimize resource utilization and connection management for various deployment environments [32].
The SDK uses advanced process lifecycle management to reduce resource usage without compromising system responsiveness in stdio-based connections. The connection pooling system allows different logical connections to use the same transport resources, which decreases the costs of process creation and management.
The HTTP-based MCP servers leverage ASP.NET Core's established scalability features, which include connection pooling together with request pipelining and memory management efficiency. The SDK's integration with these features allows MCP servers to manage high-throughput operations without compromising reliability or performance.
The next example demonstrates how to use connection management for optimal performance:
public void ConfigureServices(IServiceCollection services)
{
// Configure HTTP client with optimized settings
services.AddHttpClient<IExternalService, ExternalService>(client =>
{
client.Timeout = TimeSpan.FromSeconds(30);
client.DefaultRequestHeaders.Add("User-Agent", "MCP-Server/1.0");
})
.ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler
{
MaxConnectionsPerServer = 10,
PooledConnectionLifetime = TimeSpan.FromMinutes(5)
});
// Configure MCP server with performance optimizations
services.AddMcpServer(options =>
{
options.MaxConcurrentConnections = 100;
options.ConnectionTimeout = TimeSpan.FromMinutes(10);
options.EnableConnectionPooling = true;
})
.WithHttpServerTransport()
.WithToolsFromAssembly();
}Caching and Data Management Strategies
MCP-based AI agents performed better thanks to efficient caching strategies when decision-making entails costly computation or database retrieval. Developers that are using the C# SDK can integrate their applications with a variety of caching systems (from basic in-memory to distributed ones) [33]. The next example demonstrates how to enhance MCP tools with caching.
[McpServerToolType]
public static class CachedTools
{
private static readonly IMemoryCache _cache = new MemoryCache(new
MemoryCacheOptions
{
SizeLimit = 1000
});
[McpServerTool, Description("Gets cached weather data")]
public static async Task<string> GetCachedWeather(
IWeatherService weatherService,
[Description("Location to get weather for")] string location)
{
var cacheKey = $"weather:{location.ToLowerInvariant()}";
if (_cache.TryGetValue(cacheKey, out string cachedResult))
{
return cachedResult;
}
var weather = await weatherService.GetWeatherAsync(location);
var result = JsonSerializer.Serialize(weather);
var cacheOptions = new MemoryCacheEntryOptions
{
AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(15),
Size = 1
};
_cache.Set(cacheKey, result, cacheOptions);
return result;
}
}
This caching system shows how to maintain performance levels while keeping data fresh by making frequently needed information easily accessible while avoiding outdated content delivery to users.
Testing and Quality Assurance
Unit Testing Strategies for MCP Components
The testing of MCP-based AI agents needs specialized methods that understand both system distribution and AI interaction complexity. The C# SDK allows complete testing because it uses dependency injection and interface-based abstractions [34].
The following example shows how to write effective unit tests for MCP tools:
[TestClass]
public class MCPToolTests
{
private Mock<IWeatherService> _mockWeatherService;
private Mock<ILogger<WeatherTools>> _mockLogger;
[TestInitialize]
public void Setup()
{
_mockWeatherService = new Mock<IWeatherService>();
_mockLogger = new Mock<ILogger<WeatherTools>>();
}
[TestMethod]
public async Task GetWeather_ValidLocation_ReturnsWeatherData()
{
// Arrange
var expectedWeather = new WeatherData
{
Location = "New York",
Temperature = 22.5,
Description = "Sunny"
};
_mockWeatherService
.Setup(s => s.GetWeatherAsync("New York"))
.ReturnsAsync(expectedWeather);
// Act
var result = await WeatherTools.GetWeather(_mockWeatherService.Object,
"New York");
// Assert
Assert.IsNotNull(result);
var weatherData = JsonSerializer.Deserialize<WeatherData>(result);
Assert.AreEqual("New York", weatherData.Location);
Assert.AreEqual(22.5, weatherData.Temperature);
}
[TestMethod]
public async Task GetWeather_ServiceThrowsException_HandlesGracefully()
{
// Arrange
_mockWeatherService
.Setup(s => s.GetWeatherAsync(It.IsAny<string>()))
.ThrowsAsync(new HttpRequestException("Service unavailable"));
// Act & Assert
await Assert.ThrowsExceptionAsync<HttpRequestException>(
() => WeatherTools.GetWeather(_mockWeatherService.Object,
"Invalid"));
}
}Integration Testing and End-to-End Validation
Integration testing of MCP systems needs coordinated testing of multiple system components with possible external dependencies. The SDK includes testing utilities, which help developers create extensive integration testing scenarios [35].
[TestClass]
public class MCPIntegrationTests
{
private TestServer _testServer;
private HttpClient _httpClient;
private IMcpClient _mcpClient;
[TestInitialize]
public async Task Setup()
{
var builder = WebApplication.CreateBuilder();
builder.Services.AddMcpServer()
.WithHttpServerTransport()
.WithToolsFromAssembly();
var app = builder.Build();
app.MapMcpServer();
_testServer = new TestServer(app);
_httpClient = _testServer.CreateClient();
var transport = new HttpClientTransport(_httpClient,
"http://localhost");
_mcpClient = await McpClientFactory.CreateAsync(transport);
}
[TestMethod]
public async Task EndToEndToolExecution_Success()
{
// Act
var tools = await _mcpClient.ListToolsAsync();
var echoTool = tools.FirstOrDefault(t => t.Name == "Echo");
Assert.IsNotNull(echoTool);
var result = await _mcpClient.CallToolAsync("Echo",
new Dictionary<string, object?> { ["message"] = "Test" });
// Assert
Assert.IsNotNull(result);
var textContent = result.Content.FirstOrDefault(c => c.Type == "text");
Assert.IsNotNull(textContent);
Assert.AreEqual("Echo: Test", textContent.Text);
}
}Deployment and Production Considerations
The deployment of MCP-based AI agents through modern practices typically uses containerization to achieve environment consistency. The C# SDK enables container-based deployment through built-in .NET container functionality [36]. However, traditional non-containerized, on-premise, or cloud-based environments remain in use by numerous businesses today. The focus of this paper is on container-based deployment.
Container-Based Deployment Strategies
The deployment of MCP-based AI agents through modern practices typically uses containerization to achieve environment consistency. The C# SDK enables container-based deployment through built-in .NET container functionality [36].
The following Dockerfile shows how to create a container for an MCP server:
FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
WORKDIR /src
COPY ["MCPServer.csproj", "."]
RUN dotnet restore "MCPServer.csproj"
COPY . .
WORKDIR "/src"
RUN dotnet build "MCPServer.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "MCPServer.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MCPServer.dll"]
Monitoring and Observability
MCP systems deployed in production need extensive monitoring systems and observability tools for both reliable operation and efficient troubleshooting. The C# SDK connects to .NET observability features for delivering detailed system behavior information [37].
public void ConfigureServices(IServiceCollection services)
{
// Configure telemetry
services.AddApplicationInsightsTelemetry();
// Configure health checks
services.AddHealthChecks()
.AddCheck<MCPServerHealthCheck>("mcp-server")
.AddCheck<ExternalServiceHealthCheck>("external-services");
// Configure metrics
services.AddSingleton<IMeterFactory, MeterFactory>();
services.AddMcpServer()
.WithHttpServerTransport()
.WithToolsFromAssembly();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHealthChecks("/health");
app.UseMetrics();
app.MapMcpServer();
}Enabling AI Agents with GitHub Copilot and MCP in VS Code
Setup and Configuration Process
Developers need to install the GitHub Copilot extension and activate their subscription before they can use AI agents with GitHub Copilot and Model Context Protocol (MCP) in Visual Studio Code. The developers need to set up MCP server connections through VS Code's settings after they have installed the GitHub Copilot extension and have an active subscription. The integration process starts with the creation or modification of the mcp.json configuration file in either the .vscode folder of your workspace or your user settings directory to define MCP servers with their transport configurations.
Step 1: Prerequisites
- Install the GitHub Copilot extension in VS Code.
- You need to have an active GitHub Copilot subscription.
- Have a working MCP server implementation (C# example provided above)
Step 2: MCP Server Configuration
Create an mcp.json file in your workspace's .vscode folder with the following structure:
{
"servers": {
"MyMCPServer": {
"type": "stdio",
"command": "dotnet",
"args": ["run", "--project", "path/to/your/MCPServer.csproj"]
}
}
}
Step 3: Activating Agent Mode
- Open VS Code with your configured workspace.
- Open the GitHub Copilot Chat panel using Ctrl+Shift+I (Windows/Linux) or Cmd+Shift+I (Mac).
- Look for the agent icon in the chat interface and toggle "Agent mode" ON.
- The AI agent is now ready with access to your MCP tools.
Step 5: Using the AI Agent
Once Agent mode is enabled, GitHub Copilot gains access to the tools, resources, and prompts exposed by your configured MCP servers. You can now:
- Ask complex questions that require data analysis or external tool usage
- Request operations like "Analyze this text file and generate a report."
- Chain multiple operations such as retrieving data, processing it, and creating visualizations
Step 6: Tool Execution Process
During execution, VS Code will:
- Display tool information: Show the tool name, description, and parameters.
- Request user consent: Present a dialog asking for permission to execute.
- Execute approved tools: Run the tool with the specified parameters.
- Return results: Display the tool output integrated into the AI response.
Accessing a remote MCP Server
The following example shows how to access MCP servers that have been deployed remotely for different use cases.
Important Note: The following examples are provided strictly for educational purposes. In a production-ready environment, it is essential to implement secure methods for handling API keys, tokens, and other authentication mechanisms.
HTTP-Based Remote MCP Server
Basic HTTP Configuration
{
"servers": {
"remote-api-server": {
"type": "http",
"url": "https://api.example.com/mcp",
"headers": {
"User-Agent": "VSCode-MCP-Client/1.0",
"Accept": "application/json"
}
}
}
}
HTTP with API Key Authentication
{
"servers": {
"authenticated-server": {
"type": "http",
"url": "https://secure-api.company.com/mcp",
"headers": {
"Authorization": "your-api-key-here",
"X-API-Version": "2024-01-01",
"Content-Type": "application/json"
},
"timeout": 30000
}
}
}
HTTP with Custom Headers and Environment Variables
{
"servers": {
"enterprise-server": {
"type": "http",
"url": "https://internal.company.com/mcp-gateway",
"headers": {
"Authorization": "Bearer ${MCP_API_TOKEN}",
"X-Client-ID": "${MCP_CLIENT_ID}",
"X-Environment": "production"
},
"env": {
"MCP_API_TOKEN": "your-token-from-env",
"MCP_CLIENT_ID": "your-client-id"
}
}
}
}Server-Sent Events (SSE) Configuration
Basic SSE Configuration
{
"servers": {
"realtime-data-server": {
"type": "sse",
"url": "https://streaming.example.com/mcp/events",
"headers": {
"Authorization": "your-streaming-token",
"Cache-Control": "no-cache"
},
"reconnect": true,
"reconnectInterval": 5000
}
}
}
SSE with Custom Configuration
{
"servers": {
"live-analytics": {
"type": "sse",
"url": "https://analytics.company.com/mcp/stream",
"headers": {
"Authorization": "Bearer ${ANALYTICS_TOKEN}",
"X-Stream-Type": "mcp-events"
},
"options": {
"withCredentials": true,
"heartbeatTimeout": 30000,
"maxRetries": 3
}
}
}
}
Azure Hosted MCP Servers
{
"servers": {
"azure-mcp-service": {
"type": "http",
"url": "https://your-app.azurewebsites.net/mcp",
"headers": {
"Authorization": "Bearer ${AZURE_MCP_TOKEN}",
"X-Azure-Region": "eastus",
"X-Subscription-ID": "${AZURE_SUBSCRIPTION_ID}"
},
"env": {
"AZURE_MCP_TOKEN": "your-azure-token",
"AZURE_SUBSCRIPTION_ID": "your-subscription-id"
}
}
}
}
Future Directions and Emerging Patterns
Evolution of AI Agent Architectures
The Model Context Protocol establishes standardized AI agent architectures, but the field remains in rapid development. The future development of AI agents indicates they will develop better capabilities to manage various tools and data sources through complex multi-step workflow contexts [38].
The C# SDK maintains a flexible design, which makes it suitable for upcoming requirements. The protocol's capability negotiation mechanisms enable backward compatibility, as they allow the addition of new features and capabilities. The design method allows MCP implementations to operate without interruption as the protocol advances to support fresh use cases and requirements.
Integration with Large Language Model Ecosystems
MCP maintains deep integration with different LLM ecosystems through regular additions of new capabilities. The C# SDK connects to Microsoft.Extensions.AI creates a foundation for assisting diverse LLM providers by utilizing consistent interfaces and behavioral patterns [39].
The upcoming developments will bring advanced support for multi-modal interactions together with better context handling in extended dialogues and advanced tool composition methods. The SDK's modular structure together with dependency injection features creates a strong base for implementing new capabilities when they become available.
Conclusion
The Model Context Protocol serves as a vital milestone in AI agent advancement through its standardized framework for AI systems to interact with external data tools. The analysis of this paper demonstrates how developers can use the C# programming language and .NET ecosystem to build complex AI agents that are secure and scalable through the implementation of MCP and its practical applications and architecture.
The research provides essential contributions through its thorough examination of MCP design principles and architecture as well as its official C# SDK implementation guidance and real-world application pattern examples. The security guidelines and best practices provide crucial instructions for deploying MCP-based systems in production settings where reliability and security matter most.
The .NET ecosystem benefits from C# SDK integration, which makes enterprise development more efficient. The dependency injection support, along with complete testing capabilities and existing .NET infrastructure integration, enables developers to construct AI agents that follow enterprise development standards.
The Model Context Protocol will become more significant for the AI agent ecosystem in the future. As AI technology progresses and agent complexity requirements expand, the standardized framework of MCP will become essential for developing secure, maintainable, and interoperable AI systems.
The examples together with patterns in this paper establish a basis for developers to construct ready-for-production AI agents that will connect LLM capabilities to real-world data sources. The architectural principles and implementation patterns described here enable developers to build AI agents that deliver both capability and power while maintaining security, reliability, and ease of maintenance.
Both the Model Context Protocol and the C# SDK continue to advance, which will provide developers with advanced tools to develop future AI agents. MCP provides a standardized method through which developers can leverage the strong development environment of .NET to create a robust platform for AI agent development.
References
[1] Anthropic. (2024). Introducing the Model Context Protocol [Online]. Available: https://www.anthropic.com/news/model-context-protocol
[2] Model Context Protocol. (2025). Official Specification [Online]. Available: https://modelcontextprotocol.io/specification/2025-06-18
[3] IBM. (2025). What is Model Context Protocol (MCP)? [Online]. Available: https://www.ibm.com/think/topics/model-context-protocol
[4] Microsoft. (2025). Build a Model Context Protocol (MCP) server in C# [Online]. Available: https://devblogs.microsoft.com/dotnet/build-a-model-context-protocol-mcp-serverin-csharp/
[5] JSON-RPC Working Group. (2013). JSON-RPC 2.0 Specification [Online]. Available: https://www.jsonrpc.org/specification
[6] Microsoft. (2016). Language Server Protocol Specification [Online]. Available: https://microsoft.github.io/language-server-protocol/
[7] Model Context Protocol. (2025). GitHub Organization [Online]. Available: https://github.com/modelcontextprotocol
[8] Microsoft. (2025). Get started with .NET AI and MCP [Online]. Available: https://learn.microsoft.com/en-us/dotnet/ai/get-started-mcp
[9] Model Context Protocol. (2025). C# SDK Repository [Online]. Available: https://github.com/modelcontextprotocol/csharp-sdk
[10] Kempé, L. (2025). Model Context Protocol Made Easy: Building an MCP Server inC# [Online]. Available: https://laurentkempe.com/2025/03/22/model-context-protocolmade-easy-building-an-mcp-server-in-csharp/
[11] Microsoft. (2025). Quickstart - Create a minimal MCP server and publish to NuGet [Online]. Available: https://learn.microsoft.com/en-us/dotnet/ai/quickstarts/build-mcpserver
[12] Confluent. (2025). Powering AI Agents with Real-Time Data Using Anthropic's MCP [Online]. Available: https://www.confluent.io/blog/ai-agents-using-anthropic-mcp/
[13] Kempé, L. (2025). SSE-Powered MCP Server with C# and .NET in 15.7MB
executable [Online]. Available: https://laurentkempe.com/2025/04/05/sse-powered-mcpserver-with-csharp-and-dotnet-in-157mb-executable/
[14] NuGet. (2025). ModelContextProtocol Package [Online]. Available: https://www.nuget.org/packages/ModelContextProtocol
[15] Microsoft. (2025). Microsoft.Extensions.Hosting Documentation [Online]. Available: https://docs.microsoft.com/en-us/dotnet/core/extensions/hosting
[16] Microsoft. (2025). Dependency injection in .NET [Online]. Available: https://docs.microsoft.com/en-us/dotnet/core/extensions/dependency-injection
[17] Microsoft. (2025). ASP.NET Core Documentation [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/
[18] Microsoft. (2025). Configuration in ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/
[19] Microsoft. (2025). Reflection in .NET [Online]. Available: https://docs.microsoft.com/en-us/dotnet/csharp/programmingguide/concepts/reflection
[20] A16Z. (2025). A Deep Dive Into MCP and the Future of AI Tooling [Online]. Available: https://a16z.com/a-deep-dive-into-mcp-and-the-future-of-ai-tooling/
[21] Microsoft. (2025). HTTP clients using IHttpClientFactory in ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/http-requests
[22] Mozilla. (2025). Server-sent events [Online]. Available: https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events
[23] Microsoft. (2025). Logging in .NET Core and ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/logging/
[24] Microsoft. (2025). Dependency injection guidelines [Online]. Available: https://docs.microsoft.com/en-us/dotnet/core/extensions/dependency-injectionguidelines
[25] Hugging Face. (2025). What Is MCP, and Why Is Everyone – Suddenly!– Talking About It? [Online]. Available: https://huggingface.co/blog/Kseniase/mcp
[26] Microsoft. (2025). Routing in ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/routing
[27] Microsoft. (2025). Security considerations for ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/security/
[28] Microsoft. (2025). Authorization in ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/security/authorization/
[29] Microsoft. (2025). Authentication and authorization in ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/
[30] Microsoft. (2025). Model validation in ASP.NET Core MVC [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/mvc/models/validation
[31] Microsoft. (2025). Logging providers in .NET [Online]. Available: https://docs.microsoft.com/en-us/dotnet/core/extensions/logging-providers
[32] Microsoft. (2025). Performance best practices for ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/performance/performance-bestpractices
[33] Microsoft. (2025). Cache in-memory in ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/performance/caching/memory
[34] Microsoft. (2025). Unit testing C# with MSTest and .NET [Online]. Available: https://docs.microsoft.com/en-us/dotnet/core/testing/unit-testing-with-mstest
[35] Microsoft. (2025). Integration tests in ASP.NET Core [Online]. Available: https://docs.microsoft.com/en-us/aspnet/core/test/integration-tests
[36] Microsoft. (2025). Containerize a .NET app [Online]. Available: https://docs.microsoft.com/en-us/dotnet/core/docker/build-container
[37] Microsoft. (2025). .NET observability with OpenTelemetry [Online]. Available: https://docs.microsoft.com/en-us/dotnet/core/diagnostics/observability-with-otel
[38] Microsoft. (2025). Build Agents using Model Context Protocol on Azure[Online]. Available: https://learn.microsoft.com/en-us/azure/developer/ai/intro-agents-mcp
[39] Microsoft. (2025). Microsoft.Extensions.AI Documentation [Online]. Available: https://docs.microsoft.com/en-us/dotnet/ai/
Opinions expressed by DZone contributors are their own.
Comments