Build MCP for AI: How to Build Model Context Protocol

Introduction: Why Build MCP for AI

Modern AI applications need real-time access to data, tools, and workflows. The Model Context Protocol (MCP) provides a unified standard that allows AI systems to connect with external resources without building custom integrations repeatedly.

In this blog, you will learn how to build MCP for AI, implement an MCP server and MCP client in C#, use tools, resources, prompts, understand the challenges, and follow best practices for deploying MCP in real-world AI applications.

Key Takeaways

• Model Context Protocol provides a standard way for AI models to access external tools and resources.
• You can build an MCP server in C# to expose prompts, tools, and resources.
• MCP clients can invoke actions, read resources, and interact with servers.
• MCP improves modularity, integrations, and seamless AI interactions with external systems.
• Security, compliance, and performance challenges must be addressed in MCP implementations.

What is the Model Context Protocol (MCP)?

MCP (Model Context Protocol) is an open-source standard for connecting AI applications to access and interact with various external resources. Using MCP, AI applications can connect to data sources (e.g. local files, databases), tools (e.g. search engines, calculators) and workflows (e.g. specialized prompts) enabling them to access key information and perform tasks. Instead of writing unique connectors for each integration, MCP provides a unified interface that any compliant system can use.

Build MCP Server and MCP Client applications in C#.Net

The solution includes both a server and a client, showing how to:

• MCP Server: Define and expose tools on the server side, Build and deploy basic MCP servers with custom features (resources, prompts, and tools) ‍
• MCP Client: Send prompts and interact with resources ‍
• MCP Host: Create host applications that connect to MCP servers

Building Model Context Protocol (MCP) Server

Program.cs

using Microsoft.Extensions.DependencyInjection; 
using Microsoft.Extensions.Hosting; 
using Microsoft.Extensions.Logging; 
 
Console.WriteLine("Hello, MCP Simple server!"); 
 
var builder = Host.CreateApplicationBuilder(args); 
builder.Logging.AddConsole(consoleLogOptions => 
{ 
    // Configure all logs to go to stderr 
    consoleLogOptions.LogToStandardErrorThreshold = LogLevel.Trace; 
}); 
 
builder.Services 
    .AddMcpServer() 
    .WithStdioServerTransport() 
    .WithPromptsFromAssembly() 
    .WithToolsFromAssembly() 
    .WithResourcesFromAssembly(); 
 
await builder.Build() 
    .RunAsync(); 

using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Logging;

SimplePrompt.cs

using Microsoft.Extensions.AI; 
using ModelContextProtocol.Server; 
using System.ComponentModel;  
namespace SimpleServer.Prompts;

[McpServerPromptType] 
public static class SimplePrompt 
{ 
    [McpServerPrompt, Description("Creates a prompt to summarize the provided message.")] 
    public static ChatMessage Summarize(string content) => 
        new(ChatRole.User, $"Please summarize this content into a single sentence: {content}"); 
}

SimpleTool.cs

using ModelContextProtocol.Server; 
using System.ComponentModel; 
 
namespace SimpleServer.Prompts; 
 
[McpServerToolType] 
public static class SimpleTool 
{ 
    [McpServerTool, Description("Returns the current time for the specified time zone.")] 
    public static string GetCurrentTime(string timeZone) 
    { 
        try 
        { 
            var tz = TimeZoneInfo.FindSystemTimeZoneById(timeZone); 
            var now = TimeZoneInfo.ConvertTimeFromUtc(DateTime.UtcNow, tz); 
            return now.ToString("o"); // ISO 8601 format 
        } 
        catch (TimeZoneNotFoundException) 
        { 
            return $"Time zone '{timeZone}' not found."; 
        } 
        catch (InvalidTimeZoneException) 
        { 
            return $"Time zone '{timeZone}' is invalid."; 
        } 
    } 
}

SimpleResource.cs

using ModelContextProtocol.Server; 
using System.ComponentModel; 
 
namespace SimpleServer.Prompts; 
 
[McpServerResourceType] 
public static class SimpleResource 
{ 
    [McpServerResource, Description("Returns the Bing endpoint URL.")] 
    public static string GetBingEndpoint() => "https://bing.com"; 
}

Building MCP Client:

Program.cs

using ModelContextProtocol.Client; 
using ModelContextProtocol.Protocol; 
 
Console.WriteLine($"Hello, MCP Simple client!"); 
 
// Create the stdio transport (using current process's stdin/stdout) 
var transport = new StdioClientTransport(new StdioClientTransportOptions 
{ 
    Name = "MCP Simple Client", 
    Command = "..\\..\\..\\..\\SimpleServer\\bin\\Debug\\net8.0\\SimpleServer.exe", 
    // The command to start the MCP server process 
    // If the server is already running, you can use the same command as the server 
    // If you want to use a different command, specify it here 
}); 
 
try 
{ 
    // Create the MCP client 
    var client = await McpClientFactory.CreateAsync(cancellationToken: default, clientTransport: transport); 
 
    // List available prompts from the server 
    foreach (var pr in await client.ListPromptsAsync()) 
    { 
        Console.WriteLine($"Available prompt: {pr.Name} - {pr.Description}"); 
    } 
 
    // Specify the prompt you want to use 
    var promptName = "Summarize"; 
 
    // Create a dictionary of arguments for the prompt 
    IReadOnlyDictionary<string, object> promptArguments = new Dictionary<string, object>() 
    { 
       { "content", "ModelContextProtocol enables structured communication." } 
    }; 
 
    // Get the prompt from the server using the specified name and arguments 
    var prompt = await client.GetPromptAsync(promptName, promptArguments!); 
    if (prompt == null) 
    { 
        Console.WriteLine($"Prompt '{promptName}' not found."); 
        return; 
    } 
 
    // Print the prompt details 
    foreach (var message in prompt.Messages) 
    { 
        Console.WriteLine($"Message Role: {message.Role}, Content: {message.Content?.Text}"); 
    } 
 
    // List available tools from the server 
    foreach (var to in await client.ListToolsAsync()) 
    { 
        Console.WriteLine($"Available tool: {to.Name} - {to.Description}"); 
    } 
 
    // Specify the tool you want to use 
    var toolName = "GetCurrentTime"; 
 
    // Create a dictionary of arguments for the tool 
    IReadOnlyDictionary<string, object> toolArguments = new Dictionary<string, object>() 
    { 
        { "timeZone", "Pacific Standard Time" } // Example time zone 
    }; 
 
    // Call tool from the server using the specified name and arguments 
    var result = await client.CallToolAsync(toolName, toolArguments!); 
    if (result == null) 
    { 
        Console.WriteLine($"Tool '{toolName}' not found."); 
        return; 
    } 
 
    // Print the tool result 
    foreach (var res in result.Content) 
    { 
        Console.WriteLine($"Tool Result: {res.Text}"); 
    } 
 
    // List available resources from the server 
    foreach (var res in await client.ListResourcesAsync()) 
    { 
        Console.WriteLine($"Available resource: {res.Name} - {res.Description}"); 
    } 
 
    // Specify the resource you want to use 
    var resourceName = "resource://GetBingEndpoint"; 
 
    // Get the resource from the server using the specified name 
    var resource = await client.ReadResourceAsync(resourceName); 
    if (resource == null) 
    { 
        Console.WriteLine($"Resource '{resourceName}' not found."); 
        return; 
    } 
 
    // Print the resource details 
    foreach (var res in resource.Contents) 
    { 
        Console.WriteLine($"Resource Content: {((TextResourceContents)res)?.Text}"); 
    } 
} 
catch (Exception ex) 
{ 
    Console.WriteLine("Error creating MCP client: " + ex.Message); 
    return; 
}

Overview of MCP server and Client

MCP brings a new level of consistency and modularity to AI integrations. With a simple but powerful abstraction using Resources, Prompts, and Tools, and a clean client-server model, you can build intelligent agents that interact seamlessly with the outside world.

Common Challenges/Pitfalls in MCP

Security and trust challenges

• Tool poisoning: Attackers can embed malicious instructions in tool descriptions, which can lead to data exfiltration or other unintended actions by the AI. ‍
• Lack of authentication and message signing: The protocol has weak authentication guidelines, no message signing, and can be vulnerable to tampering and unauthorized access. ‍
• Data exfiltration and arbitrary code execution: MCP servers can be exploited by attackers to execute code with client privileges or steal data. ‍
• Insecure server environments: Using untrusted or community-provided MCP servers can lead to significant risks. ‍
• No protection against malicious servers: The trust model assumes good actors, and there is no protection against malicious servers that might mimic or alter commands from legitimate services.

Adoption and maturity challenges

• Limited industry support: As a relatively new protocol, many applications and tools have not yet been released for MCP server offerings, limiting its immediate practical use. ‍
• Incomplete documentation: Certain areas of documentation are still lacking. ‍
• Smaller developer community: The community of developers for MCP is less mature than those for other integration methods, leading to less peer support. ‍
• Adoption curve and mindset shift: Teams must undergo a learning curve and re-engineer processes to adapt to the MCP framework.  

Data and compliance challenges

• Data privacy concerns: It can be difficult to maintain data governance and privacy, as MCP makes it easy to connect data to an LLM without fully considering the implications. ‍
• Regulatory compliance issues: The protocol currently lacks tools to enforce data sovereignty, geographic boundaries, or prevent cross-border data transfers as required by regulations like GDPR.  

Performance and reliability challenges

• Latency: Relying on remote servers can introduce latency, which is a problem for time-sensitive applications. ‍
• Inconsistent context handling: Inconsistent handling of context can lead to errors or unexpected behavior. ‍
• Limited cross-session generalization: MCP has limitations in generalizing context across different user sessions. ‍
• State management: Persistent memory and state management are challenging aspects of the protocol.

Control and dependency challenges

• Loss of control: It is possible to offload too much application logic to an LLM, which can reduce the user's ownership and control of the application.

Best Practices for using MCP

Security Best Practices

1. User Consent and Control: Always require explicit user consent before accessing data or performing operations. Provide clear control over what data is shared and which actions are authorized. ‍
2. Data Privacy: Only expose user data with explicit consent and protect it with appropriate access controls. Safeguard against unauthorized data transmission. ‍
3. Tool Safety: Require explicit user consent before invoking any tool. Ensure users understand each tool's functionality and enforce robust security boundaries. ‍
4. Tool Permission Control: Configure which tools a model is allowed to use during a session, ensuring only explicitly authorized tools are accessible. ‍
5. Authentication: Require proper authentication before granting access to tools, resources, or sensitive operations using API keys, OAuth tokens, or other secure authentication methods. ‍
6. Parameter Validation: Enforce validation for all tool invocations to prevent malformed or malicious input from reaching tool implementations. ‍
7. Rate Limiting: Implement rate limiting to prevent abuse and ensure fair usage of server resources.

Implementation Guidelines

1. Capability Negotiation: During connection setup, exchange information about supported features, protocol versions, available tools, and resources. ‍
2. Tool Design: Create focused tools that do one thing well, rather than monolithic tools that handle multiple concerns. ‍
3. Error Handling: Implement standardized error messages and codes to help diagnose issues, handle failures gracefully, and provide actionable feedback. ‍
4. Logging: Configure structured logs for auditing, debugging, and monitoring protocol interactions. ‍
5. Progress Tracking: For long-running operations, report progress updates to enable responsive user interfaces. ‍
6. Request Cancellation: Allow clients to cancel in-flight requests that are no longer needed or take too long.

Conclusion: Why MCP is the Future of AI Integrations

Building MCP for AI using the Model Context Protocol helps organizations create flexible, secure, and scalable AI integrations. With MCP servers, clients, tools, and resources, teams can transition from custom connectors to a standardized approach that accelerates AI adoption.

For AI-driven engineering, cybersecurity workflows, and automation, MCP empowers your systems to interact with external environments more effectively.

FAQ: Build MCP for AI

1. What is MCP used for in AI?

MCP enables AI applications to access tools, data, and workflows using a unified protocol, improving integration and automation.

2. Why MCP?

MCP helps you build agents and complex workflows on top of LLMs, frequently need to integrate with data and tools  

3. How does MCP works?

MCP creates a bridge between your AI applications and your data

4. What are MCP tools?

MCP tools are server-side functions that AI models can call, such as time utilities, APIs, or automation scripts.

5. Who builds the MCP Servers?

• Developers who build servers for common tools and data sources
• Open source contributors who create servers for tools they use
• Enterprise development teams building servers for their internal systems
• Software providers making their applications AI-ready

6. Is MCP secure?

Yes, but security features must be implemented manually including authentication, validation, and rate limiting.

7. Does MCP support enterprise use cases?

Yes. MCP enables enterprise automation, workflow orchestration, cybersecurity intelligence, and app extensions for LLMs.