Definition

Assembly: Microsoft.OData.Mcp.Core.dll
Namespace: Microsoft.OData.Mcp.Core.Configuration
Inheritance: System.Object

Syntax

Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration

Summary

Configuration for security policies and restrictions.

Remarks

Security configuration includes CORS policies, rate limiting, request size limits, and other security-related settings to protect the MCP server from various threats.

Constructors

.ctor

Initializes a new instance of the SecurityConfiguration class.

Syntax

public SecurityConfiguration()

.ctor Inherited

Inherited from object

Syntax

public Object()

Properties

AllowedHosts

Gets or sets the allowed hosts.

Syntax

public System.Collections.Generic.List<string> AllowedHosts { get; set; }

Property Value

Type: System.Collections.Generic.List<string>

A list of hosts that are allowed to make requests to the server.

Remarks

Host restrictions help prevent host header injection attacks and ensure requests are only accepted from legitimate sources.

AllowedHttpMethods

Gets or sets the allowed HTTP methods.

Syntax

public System.Collections.Generic.List<string> AllowedHttpMethods { get; set; }

Property Value

Type: System.Collections.Generic.List<string>

A list of HTTP methods that are allowed for requests.

Remarks

Method restrictions limit the attack surface by only allowing necessary HTTP methods for the application’s functionality.

ContentSecurityPolicy

Gets or sets the content security policy.

Syntax

public string ContentSecurityPolicy { get; set; }

Property Value

Type: string?

The Content Security Policy (CSP) header value.

Remarks

CSP helps prevent XSS attacks by controlling which resources the browser is allowed to load for the page.

CustomProperties

Gets or sets custom security properties.

Syntax

public System.Collections.Generic.Dictionary<string, object> CustomProperties { get; set; }

Property Value

Type: System.Collections.Generic.Dictionary<string, object>

A dictionary of custom security configuration values.

Remarks

Custom properties allow extending the configuration with security settings specific to particular deployment environments or requirements.

DataProtection

Gets or sets the data protection configuration.

Syntax

public Microsoft.OData.Mcp.Core.Configuration.DataProtectionConfiguration DataProtection { get; set; }

Property Value

Type: Microsoft.OData.Mcp.Core.Configuration.DataProtectionConfiguration

Configuration for protecting sensitive data.

Remarks

Data protection configuration specifies how sensitive data should be encrypted, hashed, or otherwise protected both in transit and at rest.

EnableDetailedErrors

Gets or sets a value indicating whether to include detailed error information in responses.

Syntax

public bool EnableDetailedErrors { get; set; }

Property Value

Type: bool

true to include detailed errors; otherwise, false.

Remarks

Detailed error information is useful for debugging but can expose sensitive information to attackers. This should be disabled in production.

EnableRateLimiting

Gets or sets a value indicating whether rate limiting is enabled.

Syntax

public bool EnableRateLimiting { get; set; }

Property Value

Type: bool

true to enable rate limiting; otherwise, false.

Remarks

Rate limiting protects against denial-of-service attacks and abuse by limiting the number of requests from individual clients.

InputValidation

Gets or sets the input validation configuration.

Syntax

public Microsoft.OData.Mcp.Core.Configuration.InputValidationConfiguration InputValidation { get; set; }

Property Value

Type: Microsoft.OData.Mcp.Core.Configuration.InputValidationConfiguration

Configuration for validating user input.

Remarks

Input validation helps prevent injection attacks and ensures data integrity by validating all user-provided data.

IpRestrictions

Gets or sets the IP address restrictions.

Syntax

public Microsoft.OData.Mcp.Core.Configuration.IpRestrictionConfiguration IpRestrictions { get; set; }

Property Value

Type: Microsoft.OData.Mcp.Core.Configuration.IpRestrictionConfiguration

Configuration for IP-based access control.

Remarks

IP restrictions provide network-level access control by allowing or denying requests based on client IP addresses.

MaxQueryParameters

Gets or sets the maximum number of query string parameters.

Syntax

public int MaxQueryParameters { get; set; }

Property Value

Type: int

The maximum number of parameters allowed in query strings.

Remarks

Parameter count limits prevent parsing-based attacks and ensure predictable request processing performance.

MaxQueryStringLength

Gets or sets the maximum query string length.

Syntax

public int MaxQueryStringLength { get; set; }

Property Value

Type: int

The maximum length allowed for query strings.

Remarks

Query string length limits prevent URL-based attacks and ensure compatibility with various web servers and proxies.

MaxRequestSize

Gets or sets the maximum request size in bytes.

Syntax

public long MaxRequestSize { get; set; }

Property Value

Type: long

The maximum size allowed for HTTP request bodies.

Remarks

Request size limits prevent memory exhaustion attacks and ensure predictable resource usage.

RateLimiting

Gets or sets the rate limiting configuration.

Syntax

public Microsoft.OData.Mcp.Core.Configuration.RateLimitingConfiguration RateLimiting { get; set; }

Property Value

Type: Microsoft.OData.Mcp.Core.Configuration.RateLimitingConfiguration

Configuration for request rate limiting.

Remarks

Rate limiting configuration specifies the limits, time windows, and policies for controlling request rates.

RequireHttps

Gets or sets a value indicating whether HTTPS is required.

Syntax

public bool RequireHttps { get; set; }

Property Value

Type: bool

true to require HTTPS for all requests; otherwise, false.

Remarks

HTTPS should be required in production environments to protect data in transit. Development environments may disable this for convenience.

SecurityHeaders

Gets or sets the security headers configuration.

Syntax

public Microsoft.OData.Mcp.Core.Configuration.SecurityHeadersConfiguration SecurityHeaders { get; set; }

Property Value

Type: Microsoft.OData.Mcp.Core.Configuration.SecurityHeadersConfiguration

Configuration for security-related HTTP headers.

Remarks

Security headers provide additional protection against various web-based attacks like XSS, clickjacking, and MIME sniffing.

Methods

Clone

Creates a copy of this configuration.

Syntax

public Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration Clone()

Returns

Type: Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration

A new instance with the same settings.

Equals Inherited Virtual

Inherited from object

Syntax

public virtual bool Equals(object obj)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| obj | object? | - |

Returns

Type: bool

Equals Inherited

Inherited from object

Syntax

public static bool Equals(object objA, object objB)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| objA | object? | - |
| objB | object? | - |

Returns

Type: bool

ForDevelopment

Creates a configuration optimized for development environments.

Syntax

public static Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration ForDevelopment()

Returns

Type: Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration

A security configuration suitable for development.

ForProduction

Creates a configuration optimized for production environments.

Syntax

public static Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration ForProduction()

Returns

Type: Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration

A security configuration suitable for production.

GetHashCode Inherited Virtual

Inherited from object

Syntax

public virtual int GetHashCode()

Returns

Type: int

GetType Inherited

Inherited from object

Syntax

public System.Type GetType()

Returns

Type: System.Type

IsHostAllowed

Determines whether the specified host is allowed.

Syntax

public bool IsHostAllowed(string host)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| host | string | The host to check. |

Returns

Type: bool

true if the host is allowed; otherwise, false.

IsHttpMethodAllowed

Determines whether the specified HTTP method is allowed.

Syntax

public bool IsHttpMethodAllowed(string method)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| method | string | The HTTP method to check. |

Returns

Type: bool

true if the method is allowed; otherwise, false.

MemberwiseClone Inherited

Inherited from object

Syntax

protected internal object MemberwiseClone()

Returns

Type: object

MergeWith

Merges another configuration into this one, with the other configuration taking precedence.

Syntax

public void MergeWith(Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration other)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| other | Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration | The configuration to merge into this one. |

Exceptions

| Exception | Description |
| --- | --- |
| ArgumentNullException | Thrown when other is null. |

ReferenceEquals Inherited

Inherited from object

Syntax

public static bool ReferenceEquals(object objA, object objB)

Parameters

| Name | Type | Description |
| --- | --- | --- |
| objA | object? | - |
| objB | object? | - |

Returns

Type: bool

ToString Inherited Virtual

Inherited from object

Syntax

public virtual string ToString()

Returns

Type: string?

Validate

Validates the security configuration.

Syntax

public System.Collections.Generic.IEnumerable<string> Validate()

Returns

Type: System.Collections.Generic.IEnumerable<string>

A collection of validation errors, or empty if the configuration is valid.
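
Because MergeWith gives the other configuration precedence, a deployment override can replace values set by ForProduction, so the merged result is worth re-checking before the server starts. The following is an added example, not code from the Microsoft.OData.Mcp.Core project: it uses only members documented on this page, the SecurityConfigurationGuard class, its MergeAndCheck helper and the sample host name are hypothetical, and how MergeWith treats values the override leaves unset is not stated here, so the guard makes no assumption about it.

```csharp
// Added example: not part of the Microsoft.OData.Mcp.Core sources.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.OData.Mcp.Core.Configuration;

public static class SecurityConfigurationGuard
{
    // Hypothetical helper: merges a deployment override into the production
    // preset and returns every reason the merged result should be rejected.
    public static List<string> MergeAndCheck(
        SecurityConfiguration deploymentOverride,
        out SecurityConfiguration effective)
    {
        effective = SecurityConfiguration.ForProduction();
        effective.MergeWith(deploymentOverride); // override takes precedence

        // Start from the library's own validation errors.
        var problems = effective.Validate().ToList();

        // Re-assert what the Remarks for RequireHttps and EnableDetailedErrors
        // ask of production, since the override may have replaced the preset.
        if (!effective.RequireHttps)
            problems.Add("RequireHttps is false after merge.");
        if (effective.EnableDetailedErrors)
            problems.Add("EnableDetailedErrors is true after merge.");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample override, as might be bound from settings.
        var fromSettings = new SecurityConfiguration
        {
            AllowedHosts = new List<string> { "mcp.example.com" },
            AllowedHttpMethods = new List<string> { "GET", "POST" },
            EnableDetailedErrors = true // left over from debugging
        };

        var problems = MergeAndCheck(fromSettings, out var effective);
        foreach (var p in problems) Console.Error.WriteLine(p);
        if (problems.Count > 0) Environment.Exit(1); // fail closed at startup

        // Spot-check the allowlists the merged configuration reports.
        Console.WriteLine(effective.IsHostAllowed("mcp.example.com"));
        Console.WriteLine(effective.IsHttpMethodAllowed("DELETE"));
    }
}
```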