> ## Documentation Index > Fetch the complete documentation index at: https://easyaf.dev/llms.txt > Use this file to discover all available pages before exploring further. # SecurityConfiguration > Configuration for security policies and restrictions. export function DocsBadge({text, variant = 'neutral'}) { const variantClasses = { success: 'mint-bg-green-500/10 mint-text-green-600 dark:mint-text-green-400 mint-border-green-500/20', neutral: 'mint-bg-slate-500/10 mint-text-slate-600 dark:mint-text-slate-400 mint-border-slate-500/20', info: 'mint-bg-blue-500/10 mint-text-blue-600 dark:mint-text-blue-400 mint-border-blue-500/20', warning: 'mint-bg-amber-500/10 mint-text-amber-600 dark:mint-text-amber-400 mint-border-amber-500/20', danger: 'mint-bg-red-500/10 mint-text-red-600 dark:mint-text-red-400 mint-border-red-500/20' }; const classes = variantClasses[variant] || variantClasses.neutral; return {text} ; } ## Definition **Assembly:** Microsoft.OData.Mcp.Core.dll **Namespace:** Microsoft.OData.Mcp.Core.Configuration **Inheritance:** System.Object ## Syntax ```csharp theme={"dark"} Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration ``` ## Summary Configuration for security policies and restrictions. ## Remarks Security configuration includes CORS policies, rate limiting, request size limits, and other security-related settings to protect the MCP server from various threats. ## Constructors ### .ctor Initializes a new instance of the [SecurityConfiguration](/odata-mcp/api-reference/Microsoft/OData/Mcp/Core/Configuration/SecurityConfiguration) class. #### Syntax ```csharp theme={"dark"} public SecurityConfiguration() ``` ### .ctor Inherited from `object` #### Syntax ```csharp theme={"dark"} public Object() ``` ## Properties ### AllowedHosts Gets or sets the allowed hosts. #### Syntax ```csharp theme={"dark"} public System.Collections.Generic.List AllowedHosts { get; set; } ``` #### Property Value Type: `System.Collections.Generic.List` A list of hosts that are allowed to make requests to the server. #### Remarks Host restrictions help prevent host header injection attacks and ensure requests are only accepted from legitimate sources. ### AllowedHttpMethods Gets or sets the allowed HTTP methods. #### Syntax ```csharp theme={"dark"} public System.Collections.Generic.List AllowedHttpMethods { get; set; } ``` #### Property Value Type: `System.Collections.Generic.List` A list of HTTP methods that are allowed for requests. #### Remarks Method restrictions limit the attack surface by only allowing necessary HTTP methods for the application's functionality. ### ContentSecurityPolicy Gets or sets the content security policy. #### Syntax ```csharp theme={"dark"} public string ContentSecurityPolicy { get; set; } ``` #### Property Value Type: `string?` The Content Security Policy (CSP) header value. #### Remarks CSP helps prevent XSS attacks by controlling which resources the browser is allowed to load for the page. ### CustomProperties Gets or sets custom security properties. #### Syntax ```csharp theme={"dark"} public System.Collections.Generic.Dictionary CustomProperties { get; set; } ``` #### Property Value Type: `System.Collections.Generic.Dictionary` A dictionary of custom security configuration values. #### Remarks Custom properties allow extending the configuration with security settings specific to particular deployment environments or requirements. ### DataProtection Gets or sets the data protection configuration. #### Syntax ```csharp theme={"dark"} public Microsoft.OData.Mcp.Core.Configuration.DataProtectionConfiguration DataProtection { get; set; } ``` #### Property Value Type: `Microsoft.OData.Mcp.Core.Configuration.DataProtectionConfiguration` Configuration for protecting sensitive data. #### Remarks Data protection configuration specifies how sensitive data should be encrypted, hashed, or otherwise protected both in transit and at rest. ### EnableDetailedErrors Gets or sets a value indicating whether to include detailed error information in responses. #### Syntax ```csharp theme={"dark"} public bool EnableDetailedErrors { get; set; } ``` #### Property Value Type: `bool` `true` to include detailed errors; otherwise, `false`. #### Remarks Detailed error information is useful for debugging but can expose sensitive information to attackers. This should be disabled in production. ### EnableRateLimiting Gets or sets a value indicating whether rate limiting is enabled. #### Syntax ```csharp theme={"dark"} public bool EnableRateLimiting { get; set; } ``` #### Property Value Type: `bool` `true` to enable rate limiting; otherwise, `false`. #### Remarks Rate limiting protects against denial-of-service attacks and abuse by limiting the number of requests from individual clients. ### InputValidation Gets or sets the input validation configuration. #### Syntax ```csharp theme={"dark"} public Microsoft.OData.Mcp.Core.Configuration.InputValidationConfiguration InputValidation { get; set; } ``` #### Property Value Type: `Microsoft.OData.Mcp.Core.Configuration.InputValidationConfiguration` Configuration for validating user input. #### Remarks Input validation helps prevent injection attacks and ensures data integrity by validating all user-provided data. ### IpRestrictions Gets or sets the IP address restrictions. #### Syntax ```csharp theme={"dark"} public Microsoft.OData.Mcp.Core.Configuration.IpRestrictionConfiguration IpRestrictions { get; set; } ``` #### Property Value Type: `Microsoft.OData.Mcp.Core.Configuration.IpRestrictionConfiguration` Configuration for IP-based access control. #### Remarks IP restrictions provide network-level access control by allowing or denying requests based on client IP addresses. ### MaxQueryParameters Gets or sets the maximum number of query string parameters. #### Syntax ```csharp theme={"dark"} public int MaxQueryParameters { get; set; } ``` #### Property Value Type: `int` The maximum number of parameters allowed in query strings. #### Remarks Parameter count limits prevent parsing-based attacks and ensure predictable request processing performance. ### MaxQueryStringLength Gets or sets the maximum query string length. #### Syntax ```csharp theme={"dark"} public int MaxQueryStringLength { get; set; } ``` #### Property Value Type: `int` The maximum length allowed for query strings. #### Remarks Query string length limits prevent URL-based attacks and ensure compatibility with various web servers and proxies. ### MaxRequestSize Gets or sets the maximum request size in bytes. #### Syntax ```csharp theme={"dark"} public long MaxRequestSize { get; set; } ``` #### Property Value Type: `long` The maximum size allowed for HTTP request bodies. #### Remarks Request size limits prevent memory exhaustion attacks and ensure predictable resource usage. ### RateLimiting Gets or sets the rate limiting configuration. #### Syntax ```csharp theme={"dark"} public Microsoft.OData.Mcp.Core.Configuration.RateLimitingConfiguration RateLimiting { get; set; } ``` #### Property Value Type: `Microsoft.OData.Mcp.Core.Configuration.RateLimitingConfiguration` Configuration for request rate limiting. #### Remarks Rate limiting configuration specifies the limits, time windows, and policies for controlling request rates. ### RequireHttps Gets or sets a value indicating whether HTTPS is required. #### Syntax ```csharp theme={"dark"} public bool RequireHttps { get; set; } ``` #### Property Value Type: `bool` `true` to require HTTPS for all requests; otherwise, `false`. #### Remarks HTTPS should be required in production environments to protect data in transit. Development environments may disable this for convenience. ### SecurityHeaders Gets or sets the security headers configuration. #### Syntax ```csharp theme={"dark"} public Microsoft.OData.Mcp.Core.Configuration.SecurityHeadersConfiguration SecurityHeaders { get; set; } ``` #### Property Value Type: `Microsoft.OData.Mcp.Core.Configuration.SecurityHeadersConfiguration` Configuration for security-related HTTP headers. #### Remarks Security headers provide additional protection against various web-based attacks like XSS, clickjacking, and MIME sniffing. ## Methods ### Clone Creates a copy of this configuration. #### Syntax ```csharp theme={"dark"} public Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration Clone() ``` #### Returns Type: `Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration` A new instance with the same settings. ### Equals Inherited from `object` #### Syntax ```csharp theme={"dark"} public virtual bool Equals(object obj) ``` #### Parameters | Name | Type | Description | | ----- | --------- | ----------- | | `obj` | `object?` | - | #### Returns Type: `bool` ### Equals Inherited from `object` #### Syntax ```csharp theme={"dark"} public static bool Equals(object objA, object objB) ``` #### Parameters | Name | Type | Description | | ------ | --------- | ----------- | | `objA` | `object?` | - | | `objB` | `object?` | - | #### Returns Type: `bool` ### ForDevelopment Creates a configuration optimized for development environments. #### Syntax ```csharp theme={"dark"} public static Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration ForDevelopment() ``` #### Returns Type: `Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration` A security configuration suitable for development. ### ForProduction Creates a configuration optimized for production environments. #### Syntax ```csharp theme={"dark"} public static Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration ForProduction() ``` #### Returns Type: `Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration` A security configuration suitable for production. ### GetHashCode Inherited from `object` #### Syntax ```csharp theme={"dark"} public virtual int GetHashCode() ``` #### Returns Type: `int` ### GetType Inherited from `object` #### Syntax ```csharp theme={"dark"} public System.Type GetType() ``` #### Returns Type: `System.Type` ### IsHostAllowed Determines whether the specified host is allowed. #### Syntax ```csharp theme={"dark"} public bool IsHostAllowed(string host) ``` #### Parameters | Name | Type | Description | | ------ | -------- | ------------------ | | `host` | `string` | The host to check. | #### Returns Type: `bool` `true` if the host is allowed; otherwise, `false`. ### IsHttpMethodAllowed Determines whether the specified HTTP method is allowed. #### Syntax ```csharp theme={"dark"} public bool IsHttpMethodAllowed(string method) ``` #### Parameters | Name | Type | Description | | -------- | -------- | ------------------------- | | `method` | `string` | The HTTP method to check. | #### Returns Type: `bool` `true` if the method is allowed; otherwise, `false`. ### MemberwiseClone Inherited from `object` #### Syntax ```csharp theme={"dark"} protected internal object MemberwiseClone() ``` #### Returns Type: `object` ### MergeWith Merges another configuration into this one, with the other configuration taking precedence. #### Syntax ```csharp theme={"dark"} public void MergeWith(Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration other) ``` #### Parameters | Name | Type | Description | | ------- | -------------------------------------------------------------- | ----------------------------------------- | | `other` | `Microsoft.OData.Mcp.Core.Configuration.SecurityConfiguration` | The configuration to merge into this one. | #### Exceptions | Exception | Description | | ----------------------- | ---------------------------- | | `ArgumentNullException` | Thrown when *other* is null. | ### ReferenceEquals Inherited from `object` #### Syntax ```csharp theme={"dark"} public static bool ReferenceEquals(object objA, object objB) ``` #### Parameters | Name | Type | Description | | ------ | --------- | ----------- | | `objA` | `object?` | - | | `objB` | `object?` | - | #### Returns Type: `bool` ### ToString Inherited from `object` #### Syntax ```csharp theme={"dark"} public virtual string ToString() ``` #### Returns Type: `string?` ### Validate Validates the security configuration. #### Syntax ```csharp theme={"dark"} public System.Collections.Generic.IEnumerable Validate() ``` #### Returns Type: `System.Collections.Generic.IEnumerable` A collection of validation errors, or empty if the configuration is valid.