-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathProgram.cs
More file actions
328 lines (275 loc) · 11.7 KB
/
Program.cs
File metadata and controls
328 lines (275 loc) · 11.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using ModelContextProtocol.Server;
using System.ComponentModel;
using System.Text.Json;
using System.Reflection;
using Authentication.Configuration;
using Authentication.Controllers;
using Authentication.Interfaces;
using Authentication.Services;
using Authentication.Middleware;
using Authentication.OAuth;
using Authentication.WebAuthn;
using Data;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using Authentication.Models;
using Services;
using Configuration;
// Handle CLI commands for service management
if (args.Length > 0)
{
var command = args[0].ToLowerInvariant();
var serviceManager = new ServiceManager();
switch (command)
{
case "--daemon":
case "daemon":
Console.WriteLine("Starting Remote MCP Server as daemon...");
break;
case "--status":
case "status":
await serviceManager.ShowStatusAsync();
return;
case "--stop":
case "stop":
await serviceManager.StopServiceAsync();
return;
case "--install-service":
case "install-service":
await serviceManager.InstallServiceAsync();
return;
case "--uninstall-service":
case "uninstall-service":
await serviceManager.UninstallServiceAsync();
return;
case "--help":
case "help":
case "-h":
ShowHelp();
return;
default:
if (!command.StartsWith("--"))
{
Console.WriteLine($"Unknown command: {command}");
ShowHelp();
return;
}
break;
}
}
static void ShowHelp()
{
Console.WriteLine("Remote MCP Server - Cross-platform service hosting");
Console.WriteLine();
Console.WriteLine("Usage: remote-mcp [command]");
Console.WriteLine();
Console.WriteLine("Commands:");
Console.WriteLine(" daemon Run as background daemon/service");
Console.WriteLine(" status Show service status");
Console.WriteLine(" stop Stop running service");
Console.WriteLine(" install-service Install as system service");
Console.WriteLine(" uninstall-service Remove system service");
Console.WriteLine(" help Show this help");
Console.WriteLine();
Console.WriteLine("Default (no command): Run as interactive server");
}
var builder = WebApplication.CreateBuilder(args);
// Configure cross-platform service hosting
builder.Services.AddWindowsService(options =>
{
options.ServiceName = "Remote MCP Server";
});
builder.Services.AddSystemd();
// Add background service for lifecycle management
builder.Services.AddHostedService<McpServerLifecycleService>();
// Configure logging to stderr (MCP convention) with UTC timestamps
builder.Logging.AddConsole(consoleLogOptions =>
{
consoleLogOptions.LogToStandardErrorThreshold = LogLevel.Trace;
consoleLogOptions.TimestampFormat = "[yyyy-MM-dd HH:mm:ss UTC] ";
consoleLogOptions.UseUtcTimestamp = true;
});
// Register MCP server with HTTP transport (Streamable HTTP)
builder.Services.AddMcpServer()
.WithHttpTransport()
.WithToolsFromAssembly();
// Configure enterprise authentication services
builder.Services.Configure<AuthenticationConfiguration>(
builder.Configuration.GetSection(AuthenticationConfiguration.SectionName));
// Configure server settings
builder.Services.Configure<ServerConfiguration>(
builder.Configuration.GetSection(ServerConfiguration.SectionName));
// Register authentication services following Microsoft DI patterns
// Use consistent lifetimes to avoid DI violations
// Application Services (per-request scope for proper lifecycle)
builder.Services.AddScoped<IAuthenticationModeProvider, AuthenticationModeProvider>();
builder.Services.AddScoped<ITokenService, TokenService>();
builder.Services.AddScoped<IMultiTenantTokenService, MultiTenantTokenService>();
// Domain Layer (scoped to maintain consistency boundary)
builder.Services.AddScoped<Authentication.Domain.Services.IAuthenticationDomainService, Authentication.Domain.Services.AuthenticationDomainService>();
// Infrastructure Layer (scoped for database connection lifetime)
builder.Services.AddScoped<Authentication.Domain.Repositories.IUserRepository, Authentication.Infrastructure.Repositories.InMemoryUserRepository>();
// Enterprise Services (scoped for dependency consistency)
builder.Services.AddScoped<IEnterpriseOAuthPolicyService, EnterpriseOAuthPolicyService>();
builder.Services.AddScoped<IClientCertificateService, ClientCertificateService>();
builder.Services.AddScoped<IEnterpriseWebAuthnService, EnterpriseWebAuthnService>();
builder.Services.AddScoped<IPasswordlessAIAuthFlow, PasswordlessAIAuthFlow>();
// OAuth endpoint providers removed for clean state
// Register rate limiting service
builder.Services.AddSingleton<IRateLimitingService, RateLimitingService>();
// Register SOLID key management service
builder.Services.AddSingleton<ICryptographicUtilityService, Authentication.Domain.Services.CryptographicUtilityService>();
builder.Services.AddSingleton<ISigningKeyService, SigningKeyService>();
// Register session management service for MCP and OAuth integration
builder.Services.AddSingleton<ISessionManagementService, SessionManagementService>();
// Register OAuth endpoint provider services
builder.Services.AddScoped<SimpleOAuthEndpointProvider>();
builder.Services.AddScoped<LocalOAuthEndpointProvider>();
builder.Services.AddScoped<IOAuthEndpointProviderFactory, OAuthEndpointProviderFactory>();
// Add multi-scheme authentication: Cookie + JWT Bearer
builder.Services.AddAuthentication(options =>
{
// Set default scheme to Cookie for browser requests
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
options.LoginPath = "/auth/login";
options.LogoutPath = "/auth/logout";
options.ExpireTimeSpan = TimeSpan.FromHours(8);
options.SlidingExpiration = true;
options.Cookie.Name = "mcp-session";
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
// Configuration will be completed by ConfigureJwtBearerOptions below
});
// Configure JWT Bearer options using proper IConfigureNamedOptions pattern
builder.Services.ConfigureOptions<ConfigureJwtBearerOptions>();
// Add authorization with multi-scheme policy for MCP access
builder.Services.AddAuthorization(options =>
{
// Create composite policy supporting both Cookie and JWT Bearer authentication
options.AddPolicy("McpAccess", policy =>
{
policy.AuthenticationSchemes.Add(CookieAuthenticationDefaults.AuthenticationScheme);
policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
policy.RequireAuthenticatedUser();
});
// Keep default policy for other endpoints
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
});
// Add session support for OAuth and WebAuthn
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromHours(8); // Extend for OAuth sessions
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
options.Cookie.SameSite = SameSiteMode.Lax; // Fix: Use Lax for localhost OAuth flow
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
});
// Configure authentication database (in-memory for development)
builder.Services.AddDbContext<AuthDbContext>(options =>
{
options.UseInMemoryDatabase("AuthDatabase");
});
// Add CORS for browser-based MCP clients
builder.Services.AddCors(options =>
{
options.AddDefaultPolicy(policy =>
{
policy.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
var app = builder.Build();
// Initialize AuthenticationTools with service provider for remote MCP service
Tools.AuthenticationTools.Initialize(app.Services);
// Enable CORS middleware
app.UseCors();
// CRITICAL DEBUG: Log ALL HTTP requests to understand mcp-remote behavior
app.Use(async (context, next) =>
{
var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
logger.LogCritical("🌐 HTTP REQUEST: {Method} {Path} {QueryString}",
context.Request.Method, context.Request.Path, context.Request.QueryString);
await next();
});
// Add session support for WebAuthn challenges
app.UseSession();
// Add enterprise security middleware (before MCP mapping)
app.UseMiddleware<RateLimitingMiddleware>();
// Add OAuth 2.1 bearer token security middleware
app.UseMiddleware<OAuth21BearerTokenSecurityMiddleware>();
// Enable OAuth discovery and implementation endpoints (BEFORE authentication middleware)
app.MapOAuthEndpoints();
app.MapOAuthImplementationEndpoints();
app.MapWebAuthnEndpoints();
// Map dedicated authentication endpoints for browser-based OAuth flows
app.MapAuthenticationEndpoints();
// Add session validation middleware (BEFORE authentication)
app.UseMiddleware<SessionValidationMiddleware>();
// Use standard ASP.NET Core authentication/authorization
app.UseAuthentication();
app.UseAuthorization();
// Map MCP endpoints with multi-scheme authentication (Cookie + JWT Bearer)
// MCP clients can authenticate via session cookies created through OAuth flow
var mcpEndpoint = app.MapMcp();
// Apply authentication based on configuration
var authConfig = app.Configuration.GetSection(AuthenticationConfiguration.SectionName).Get<AuthenticationConfiguration>();
if (authConfig?.Mode != AuthenticationMode.Disabled)
{
mcpEndpoint.RequireAuthorization("McpAccess");
}
// Optional: Add a health check endpoint
app.MapGet("/health", () => Results.Ok(new { status = "healthy", timestamp = DateTime.UtcNow }));
// Optional: Add server info endpoint for debugging
app.MapGet("/info", () => Results.Json(new
{
name = "Remote MCP Server",
version = "1.0.0",
transport = "streamable-http",
endpoints = new
{
mcp = "/mcp",
health = "/health",
protected_demo = "/protected",
oauth_auth = "/authorize"
},
description = "A remote MCP server built with C# and ASP.NET Core"
}));
// Add protected test endpoint for OAuth 2.1 testing
app.MapGet("/protected", () => Results.Json(new
{
message = "Success! You have accessed a protected endpoint.",
timestamp = DateTime.UtcNow,
user = "authenticated_user",
scope = "mcp:tools"
})).RequireAuthorization();
// Start server - use configuration from appsettings.json
var serverConfig = app.Configuration.GetSection(ServerConfiguration.SectionName).Get<ServerConfiguration>() ?? new ServerConfiguration();
var serverUrl = serverConfig.GetUrl();
app.Run(serverUrl);
// Make Program class accessible for testing
public partial class Program { }
/// <summary>
/// MCP Tools - All classes marked with [McpServerToolType] are automatically registered
/// Tool implementations are located in the Tools/ directory for better organization
/// </summary>