Hosting Options

When the Transport property is set to ttHTTP, the MCPServer class may be hosted via an external server framework like ASP.NET Core, via an embedded HTTP server, or in a fully offline mode. The ProcessingMode property should be set according to the type of hosting option used. Possible hosting options are:

The following aspects of class use and behavior are impacted by hosting options:

  • Processing Inbound Requests
  • Authentication
  • Configuration Requirements
  • Connection Security
  • Sending Responses

Embedded Server

Processing Inbound Requests

When functioning in embedded server mode, the component's StartListening method causes the embedded web server to begin listening for inbound MCP requests. The LocalHost and LocalPort fields must be set prior to starting the server.

if (procmode == MCPServerProcessingModes.modeEmbeddedServer) { server.ServerSettings.LocalHost = "localhost"; server.ServerSettings.LocalPort = "80"; server.StartListening(); } The StopListening method disconnects any connected clients and stops listening.

Configuration Requirements

The embedded server's behavior is configured via the ServerSettings property and the ServerCert property. These settings control the local interface and port on which the server listens, as well as the allowed authentication methods.

Authentication

When hosting MCPServer using the embedded web server, the AllowedAuthMethods field determines which authentication schemes the embedded server will allow.

Connection Security

When using the embedded server, the server hosts a plaintext (HTTP) endpoint by default. The ServerCert property is used to enable TLS for secure connections. When ServerCert is set to a TLS certificate, the embedded HTTP server will use and require TLS for inbound HTTPS connections.

Sending Responses

The type of HTTP response generated by the class depends on logic that occurs within events that fire as the class processes requests.

After processing a request, the class automatically sends an HTTP response according to the MCP standard. Errors are reported to the client via HTTP error responses, and success is reported via 200 OK. The contents of the response depend on the specific operation performed.

External Server

Processing Inbound Requests

When functioning in external server mode, the external server framework listens for HTTP requests. The HttpContext object must be passed explicitly to the class to process the request.

Authentication

Authentication occurs outside the scope of MCP SDK when using the external server mode. Prior to passing the Request to the class via ProcessRequest, the incoming request should be authenticated using the appropriate mechanism. For instance, an ASP.NET Core application may require basic or NTLM authentication to access the endpoint where the request will be processed. Once the request has been authenticated through external verification, the Request should be passed to the ProcessRequest method.

Configuration Requirements

External servers may require configuration such that MCP requests can be passed to MCP SDK. The details depend on the framework used to build the external server.

Java Servlets

The server is compatible with standard implementations of HttpServlet, if they pass all requests to the service() method.

Connection Security

When hosting the class via an external server, the security settings in the external server framework determine connection security. The class has no impact on TLS in this processing mode.

Sending Responses

The type of HTTP response generated by the class depends on logic that occurs within events that fire as the class processes requests.

When calling the ProcessRequest method, an HttpResponse object should be passed as a method parameter (as well as the HttpRequest). The class will populate the response object with the status code, headers, and body generated while processing the request. The Java servlet can then use this object to return the response to the connected client.

Offline Mode

Processing Inbound Requests

When functioning in offline mode, the class uses the Request and RequestHeaders properties to read inbound requests. These properties should be set to the request body and headers, respectively, before processing the request by calling the ProcessRequest method with null Request and Response parameters.

In offline mode, the class will not attempt to send a response to clients. Instead, the Response and ResponseHeaders properties are set to the body content and headers, respectively, of the response.

Authentication

Authentication is fully outside the scope of the class when using offline mode. The class will process requests without any direct checks for authentication.

Configuration Requirements

In offline mode, the class is agnostic to any process that occurs prior to setting the Request and RequestHeaders properties, and as such does not require any additional configuration.

Connection Security

In offline mode, the class does not have a live connection to a client, so connection security is not directly relevant to the class's operation.

Sending Responses

The type of HTTP response generated by the class depends on logic that occurs within events that fire as the class processes requests.

After processing a request in offline mode, the class will populate the Response and ResponseHeaders properties with the content of the response. This data can be extracted from these properties and returned to the client using whatever approach is appropriate.