Open
Description
Currently it appears we can only add auth at the MapMcp level, which is good for securing the toolset, but is missing the granular control we enjoy in other web-based services.
Describe the solution you'd like
Something like .WithTools().RequireAuthorization(policy-name);
I appreciate the protocol itself may not currently have this specced out, but with the SSE aspect in the AspNetCore package maybe it's possible?
Given the potential for creating agents, it'd be a shame if limited security hindered adoption.