Most Model Context Protocol (MCP) tutorials demonstrate a calculator tool.

While useful for understanding the basics, calculators don't represent how MCP is used in real organizations.

Enterprises want AI clients to interact with business capabilities such as customer management, invoicing, inventory systems, knowledge bases, support platforms, and internal search engines.

The challenge isn't implementing MCP itself.

The challenge is exposing enterprise systems securely, reliably, and in a way that scales across multiple AI clients.

In this article, we'll build an enterprise MCP architecture using ASP.NET Core that allows AI tools such as Claude Desktop, Cursor, and VS Code to discover and interact with business systems through a standardized interface.

Why MCP Matters

Before MCP, integrating AI with enterprise systems usually looked like this:

AI
 ↓
Custom REST Integration
 ↓
Custom Prompt
 ↓
Custom Parser

Every AI provider required:

• Different integrations
• Different prompts
• Different response handling
• Different parsing logic
• Different maintenance efforts

This created a significant amount of duplication and technical debt.

With MCP, the architecture becomes:

AI Client
 ↓
MCP
 ↓
Discover Tools
 ↓
Call Tool
 ↓
Structured Result

Instead of writing provider-specific integrations, organizations expose business capabilities once through MCP.

Any compatible AI client can then discover and consume those capabilities.

Benefits include:

• Standardized integrations
• Reduced development effort
• Improved interoperability
• Better governance
• Easier maintenance
• Consistent tool discovery

MCP acts as a common language between AI clients and enterprise systems.

What We'll Build

Our architecture will look like this:

                Claude Desktop
                       │
                Cursor / VS Code
                       │
                  MCP Client
                       │
               MCP Server (.NET)
        ┌─────────┬─────────┬─────────┐
        │         │         │
 Customer API  Invoice API  Product API
        │         │         │
       SQL    ASP.NET Core  Redis
        │         │         │
 Business Logic & Authorization

The MCP Server becomes the secure gateway between AI clients and enterprise capabilities.

Understanding MCP Architecture

Many tutorials explain MCP conceptually but never show how it fits into a real application.

Let's break down the major components.

MCP Client

The client is the AI application consuming MCP capabilities.

Examples include:

• Claude Desktop
• Cursor
• VS Code AI extensions
• Internal AI assistants
• Enterprise copilots

The client discovers available capabilities and invokes them when needed.

MCP Server

The MCP Server exposes business functionality in a standardized format.

Responsibilities include:

• Tool registration
• Resource discovery
• Prompt templates
• Authentication
• Authorization
• Logging
• Auditing
• Version management

In ASP.NET Core, this becomes a dedicated service layer that sits in front of business systems.

Tools

Tools represent executable business actions.

Examples:

SearchCustomer()
GenerateInvoice()
GetInventory()
CreateSupportTicket()
SearchKnowledgeBase()
GetSalesReport()

A tool performs an action and returns a structured result.

Tools should remain focused and predictable.

Avoid creating giant tools that perform multiple unrelated operations.

Resources

Resources provide information without performing actions.

Examples:

Customer Documentation
Product Catalog
Sales Policies
Support Procedures
HR Guidelines
Knowledge Base Articles

Resources are ideal for retrieval and contextual grounding.

Unlike tools, resources should not change application state.

Prompts

Prompts expose reusable templates that AI clients can leverage.

Examples:

Summarize Customer
Generate Sales Report
Review Support Ticket
Create Product Analysis

Prompt templates help standardize interactions and improve consistency across clients.

Project Structure

A practical enterprise implementation might use the following structure:

AspNetCoreEnterpriseMCP

├── MCP
│     ├── ToolRegistry
│     ├── ResourceProvider
│     ├── PromptProvider
│
├── APIs
│     ├── CustomerAPI
│     ├── ProductAPI
│     ├── InvoiceAPI
│
├── Services
│
├── Authorization
│
├── Logging
│
├── Observability
│
└── README

This keeps MCP concerns isolated from business logic while allowing teams to scale independently.

Designing Enterprise Tools

Most examples use tools like:

Calculator()
Weather()
RandomNumber()

Real businesses require tools aligned with operational workflows.

Examples include:

SearchCustomer

SearchCustomer(customerId)

Returns:

• Customer profile
• Account status
• Contact information
• Recent activity

GenerateInvoice

GenerateInvoice(customerId, orderId)

Returns:

• Invoice number
• Billing information
• Amount due
• Payment status

GetInventory

GetInventory(productId)

Returns:

• Stock availability
• Warehouse location
• Reorder status

SearchKnowledgeBase

SearchKnowledgeBase(query)

Returns:

• Relevant documents
• Support articles
• Internal guidance

CreateTicket

CreateTicket(customerId, issue)

Returns:

• Ticket ID
• Status
• Assigned queue

GetSalesReport

GetSalesReport(startDate, endDate)

Returns:

• Revenue metrics
• Customer trends
• Product performance

These tools expose business capabilities rather than technical functionality.

Tool Discovery

One of MCP's biggest advantages is automatic tool discovery.

AI clients can query the server and understand available capabilities without hardcoded integrations.

This makes tool metadata critically important.

Every tool should include:

• Clear name
• Purpose
• Parameters
• Return schema
• Usage guidance

Poor descriptions lead to poor tool selection.

Good descriptions increase accuracy and reduce unnecessary tool calls.

For example:

GenerateInvoice

Creates a finalized customer invoice from an approved order.
Requires customer ID and order ID.
Returns invoice details and payment information.

This is far more useful than:

InvoiceTool

Concise and descriptive schemas improve tool selection dramatically.

Authentication

Never trust the AI client.

Every MCP request should be authenticated and authorized.

Supported mechanisms include:

JWT

Ideal for web applications and enterprise APIs.

OAuth 2.0

Suitable for delegated access and third-party integrations.

API Keys

Useful for service-to-service communication.

Service Accounts

Recommended for internal automation and enterprise workflows.

Authentication verifies identity.

Authorization determines what actions are allowed.

Both are required.

Resource Access

A common source of confusion is the difference between tools and resources.

Tool

Performs an action.

Example:

CreateInvoice()

State changes occur.

Business logic executes.

Resource

Provides information.

Example:

Customer Documentation

No state changes occur.

The client simply retrieves content.

A good rule:

If it changes something, it's a tool.

If it provides information, it's a resource.

Prompt Templates

Prompt templates provide reusable instructions for AI clients.

Examples:

Summarize Customer

Summarize customer profile, recent purchases,
support history, and account health.

Generate Sales Report

Create an executive sales summary for the selected period.
Include trends, anomalies, and recommendations.

Review Support Ticket

Analyze ticket details and suggest the next best action.

Prompt templates improve consistency and reduce duplicated prompt engineering efforts.

Versioning

Versioning is one of the most overlooked MCP topics.

Enterprise systems evolve continuously.

Tool schemas change.

Parameters change.

Business requirements change.

Without versioning, AI clients break unexpectedly.

Version:

• Tool schemas
• Parameters
• Resources
• Prompt templates

Example:

v1/SearchCustomer
v2/SearchCustomer

Deprecate older versions gradually.

Provide migration guidance whenever possible.

Never introduce breaking changes without versioning.

Observability

MCP platforms require the same operational visibility as any other distributed system.

Track:

• Tool invocations
• Client type
• Response time
• Errors
• Authorization failures
• Resource access
• Prompt usage

Using OpenTelemetry, you can capture traces across the entire request lifecycle.

Example metrics:

Tool: GenerateInvoice

Invocations: 1,204

Average Latency: 240 ms

Failures: 3

Authorization Failures: 1

Observability is essential for troubleshooting and capacity planning.

Security

Enterprise adoption depends heavily on security.

Key recommendations include:

Least Privilege

Grant only the permissions required.

Rate Limiting

Prevent abuse and excessive consumption.

Sensitive Resources

Protect confidential data.

Examples:

• Financial reports
• HR records
• Customer PII
• Internal documents

Audit Logs

Record:

• Who accessed what
• When access occurred
• Which tool executed
• Authorization outcome

Tool Permissions

Different users should have access to different capabilities.

Example:

Finance Team
    ↓
GenerateInvoice

Support Team
    ↓
CreateTicket

Sales Team
    ↓
GetSalesReport

Authorization should be enforced by the platform, not by the AI model.

Common Mistakes

Avoid these anti-patterns:

❌ Exposing database access directly

❌ Creating giant tools that perform multiple jobs

❌ Skipping authorization

❌ Ignoring versioning

❌ Missing audit logs

❌ No observability

❌ Treating MCP as just another API layer

Successful MCP implementations prioritize governance and security from day one.

Repository Features

Our ASP.NET Core Enterprise MCP Server includes:

• ASP.NET Core 9
• MCP Server
• JWT Authentication
• Tool Discovery
• Resource Providers
• Prompt Templates
• OpenTelemetry
• Serilog
• Docker Support
• Swagger Integration
• Enterprise APIs
• Audit Logging
• Role-Based Authorization

This foundation enables secure and scalable AI integrations across the organization.

Recommended Screenshots

Include the following screenshots throughout the article:

1. Claude Desktop calling MCP tools
2. Cursor discovering MCP capabilities
3. Tool discovery interface
4. Swagger endpoints
5. Enterprise architecture diagram
6. OpenTelemetry traces
7. Authorization validation
8. Audit log entries

These visuals help readers understand how MCP operates in real environments.

Conclusion

MCP is far more than a protocol for exposing simple utilities. It provides a standardized way for AI clients to discover and interact with enterprise capabilities.

By exposing tools, resources, and prompt templates through a secure ASP.NET Core MCP server, organizations can reduce integration complexity while improving governance, observability, and scalability.

The real challenge is not implementing MCP itself. The challenge is exposing business systems safely, maintaining compatibility over time, and ensuring every interaction remains observable and auditable.

Our AI platform now exposes business capabilities through MCP, but one question remains: How do we know if the AI is actually producing good answers? In the next article, we'll build an evaluation framework to measure correctness, latency, hallucinations, and cost before AI features reach production.