Skip to content

dotnet-mcp-server

A .NET 8 MCP server that exposes enterprise tools to AI assistants — Claude Desktop, VS Code, Cursor, Windsurf, and more.

.NET C# MCP License CI

Install in 60 seconds

dotnet tool install -g DotnetMcpServer
dotnet-mcp-server --init

The --init wizard creates your config file. Then connect any MCP-compatible client and start asking questions.

Full Installation Guide → Connect Your Client →

What is MCP?

The Model Context Protocol is Anthropic's open standard that lets AI assistants connect to external data sources and tools. Instead of copying data into prompts, the AI calls tools directly.

This server brings MCP to the .NET ecosystem. It works with any MCP-compatible client.

Nine Built-in Tools

Tool What it does
DateTime Current time, timezone conversions
FileSystem Read files, list directories (within allowed paths)
SQL Query Read-only SQL queries against configured databases
HTTP Request GET/POST to allowed external APIs
Text Regex, word count, diff, JSON/XML formatting
Data Transform JSON query, CSV/JSON/XML conversion, base64, hashing
Environment Get/list environment variables (sensitive values masked)
System Info OS details, processes, network interfaces
Git Read-only Git: status, log, diff, branches, blame

Your Secrets Stay Safe

When you connect an AI to your databases and files, you need to know that your passwords, API keys, and credentials are protected. dotnet-mcp-server is built so that secrets never leave your machine and are never seen by the AI — this is enforced structurally, not by policy.

  • Database passwords live in appsettings.json. The AI only sees connection names, never connection strings.
  • All error messages are sanitized — passwords are stripped before any response reaches the AI.
  • The SQL tool has no password parameter. The AI cannot ask for one.
  • Environment variables with sensitive names are masked at the source (***).

Full Security & Trust Guide →

Security by Default

Every tool ships with security constraints that are on by default and cannot be bypassed at runtime:

  • File access restricted to configured directories only
  • SQL queries are SELECT-only (17 dangerous keywords blocked)
  • HTTP requests limited to an allowed host list
  • Environment variable masking for secrets
  • Git operations are read-only with argument sanitization
  • Regex timeout protection against ReDoS attacks
  • XXE prevention in XML parsing

Security Constraints Reference →

Extend with Plugins

Write your own tool as a .NET class library and drop the DLL in the plugins/ folder — no fork required.

dotnet new install DotnetMcpServer.Templates
dotnet new mcp-tool -n WeatherTool

Plugin Development Guide →