
Support public remote MCP servers

Open TianqiZhang opened this issue 1 year ago • 4 comments

We are following https://techcommunity.microsoft.com/blog/AppsonAzureBlog/build-ai-agent-tools-using-remote-mcp-with-azure-functions/4401059 to build our remote MCP server PoC; however, we found that we had to add the mcp_extension system key in the client configuration. This makes it very inconvenient to directly expose this server to users.

Is there a plan to support a public remote server without auth? Or is there any recommended way to do this with another load balancer or proxy service like AFD or APIM?

TianqiZhang avatar Apr 11 '25 07:04 TianqiZhang

If you don't want to pass the key to the clients, you can set the auth_level to anonymous, but your MCP server will be unsecured. If you prefer better authentication, you can use Easy Auth from Azure Functions to delegate the Azure authentication:

https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization

I think that by configuring Easy Auth and setting the auth level to anonymous you will solve your issue.

If you want to do the authentication using APIM, take a look at:

https://github.com/Azure-Samples/remote-mcp-apim-functions-python/blob/main/infra/app/apim-oauth/authorize.policy.xml

dgl452 avatar Apr 21 '25 10:04 dgl452

For now, we would recommend using APIM or another reverse proxy. You cannot disable the system key requirement for these endpoints.

mattchenderson avatar Apr 23 '25 23:04 mattchenderson

@mattchenderson are there any plans to remove the system key if we have EasyAuth turned on?

swettstein avatar Jul 22 '25 17:07 swettstein

I think you can if you BYO MCP server, which is what I'm doing, rather than using the triggers. Because then you have full control over the host with a single mcp-handler. This lets you use the official MCP C# SDK for everything. So for example, I have a demo that doesn't use APIM and supports VS Code without any functions key because the ASP.NET Core MCP server is handling JWT verification and authZ (with Entra providing AuthN).

The rub is that without an APIM layer, you can't support DCR, and this makes it incompatible with tools like Claude.

However, I think you can still have the APIM layer like in these samples (+ PRM, which some samples don't have, + client token storage, which some samples don't have), and avoid having to force clients to have a functions key.

I'm thinking of combining all these samples together:

  • https://github.com/localden/remote-auth-mcp-apim-py (for CosmosDB-based DCR)
  • https://github.com/blackchoey/remote-mcp-apim-oauth-prm (for PRM and Streamable HTTP)
  • https://github.com/Azure-Samples/mcp-sdk-functions-hosting-dotnet (for BYO MCP)

I think not every part from every sample is needed, but APIM can fill the gaps.

I haven't quite figured out the magic formula yet but I'm working on it. It's sort of disappointing to not see updated examples with a full spec implementation as of Oct 2025 when most were made back in April. Definitely some room to make an official APIM MCP Gateway extension/product because this is a really sub-optimal experience for Entra ID users.

kamranayub avatar Oct 26 '25 15:10 kamranayub
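
As an added illustration of the approach described in the last comment (an ASP.NET Core MCP server doing its own JWT verification and authorization against Entra), here is a minimal sketch; it is not code from the thread or from any of the linked samples. The tenant ID, audience, scope name, policy name and `EchoTool` are placeholders, and it assumes the `ModelContextProtocol.AspNetCore` and `Microsoft.AspNetCore.Authentication.JwtBearer` packages and v2.0 access tokens.

```csharp
// Added example: JWT-protected MCP endpoint in ASP.NET Core (not the commenter's demo).
using System.ComponentModel;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using ModelContextProtocol.Server;

// Placeholders (assumptions): substitute your own tenant, app ID URI and scope.
const string TenantId = "<tenant-id>";
const string Audience = "api://<mcp-server-app-id>";
const string RequiredScope = "mcp.tools";

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys and issuer are discovered from the tenant's OIDC metadata.
        options.Authority = $"https://login.microsoftonline.com/{TenantId}/v2.0";
        // Reject tokens minted for any other API in the tenant.
        options.Audience = Audience;
        // Keep the raw "scp" claim name instead of the legacy mapped URI.
        options.MapInboundClaims = false;
    });

builder.Services.AddAuthorization(options =>
    options.AddPolicy("McpAccess", policy => policy
        .RequireAuthenticatedUser()
        // Entra puts delegated scopes in one space-separated "scp" claim.
        .RequireAssertion(ctx => (ctx.User.FindFirst("scp")?.Value ?? "")
            .Split(' ', StringSplitOptions.RemoveEmptyEntries)
            .Contains(RequiredScope))));

builder.Services.AddMcpServer().WithHttpTransport().WithTools<EchoTool>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Every MCP request must carry a valid bearer token; this code checks no functions key.
app.MapMcp().RequireAuthorization("McpAccess");
app.Run();

[McpServerToolType]
public class EchoTool
{
    [McpServerTool, Description("Returns the input unchanged.")]
    public static string Echo(string message) => message;
}
```

With the key gone, the audience and scope checks are the only gate on the endpoint, so both should be pinned explicitly rather than left at defaults.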