It would be great if the documentation website had a few pointers on authentication architecture choices.
Imagine you have an existing ASP.NET Core API project which already has its own AzureAD authentication + JWT Bearer authentication for development (with dotnet user-jwts). I think this is a common scenario for people wanting to add MCP functionality to their existing solution.
It would be great to read something about setting that up, and about the choices that can be made there:
- one project vs multiple projects:
- putting both the MCP and normal API endpoints in the same project. This adds some complexity regarding coexistence of authentication schemes. I see for MCP a different scheme is needed.
- factoring out the business logic into a common project that is referenced by a REST API project and a MCP server project
- one app registration vs multiple app registrations in Entra ID?
Searched:
It would be great if the documentation website had a few pointers on authentication architecture choices.
Imagine you have an existing ASP.NET Core API project which already has its own AzureAD authentication + JWT Bearer authentication for development (with
dotnet user-jwts). I think this is a common scenario for people wanting to add MCP functionality to their existing solution.It would be great to read something about setting that up, and about the choices that can be made there:
Searched: