This guide shows you how to test your Azure Cosmos DB MCP Server using the secure web interface with enterprise-grade Microsoft Entra authentication.
The Azure Cosmos DB MCP Toolkit includes an enhanced web interface that provides:
- ✅ Secure Microsoft Entra Authentication - No token copy/paste required
- ✅ Interactive MCP Tool Testing - Forms for all Cosmos DB operations
- ✅ Real-time JSON-RPC Calls - Direct protocol testing
- ✅ Auto-generated cURL Examples - For automation and scripting
- ✅ Role-based Security - Validates
Mcp.Tool.Executorpermissions - ✅ Enterprise Compliance - Uses Microsoft Authentication Library (MSAL)
The web interface is automatically deployed with your Container App:
- Find your Container App URL from deployment output or
scripts/deployment-info.json - Open in browser:
https://your-container-app-url.azurecontainerapps.io/ - Start testing - No additional setup required!
Example:
https://mcp-toolkit-app.icywave-532ba7dd.westus2.azurecontainerapps.io/
If you want to test against your local development server:
# Clone the repository
git clone https://github.com/AzureCosmosDB/MCPToolKit.git
cd MCPToolKit
# Run the application locally
cd src/AzureCosmosDB.MCP.Toolkit
dotnet run
# Open browser to local URL
# http://localhost:8080/To use the web interface without running the full application:
# Copy the HTML file from the repository
cp src/AzureCosmosDB.MCP.Toolkit/wwwroot/index.html cosmos-mcp-client.html
# Start a simple HTTP server
python -m http.server 3000
# Open browser
# http://localhost:3000/cosmos-mcp-client.htmlYour Client ID is created automatically during deployment. Find it in:
- From deployment output: Check
scripts/deployment-info.json - From Azure Portal: Go to Azure Active Directory > App Registrations
- From Azure CLI:
az ad app list --display-name "*cosmos*" --query "[].{Name:displayName, ClientId:appId}"
- Enter Client ID: Paste your Entra ID app's Client ID
- Tenant ID: Leave empty to use your default tenant (or specify if needed)
- Server URL: Your deployed MCP server URL (from deployment-info.json)
- Click "🔑 Sign In with Microsoft Entra"
- Microsoft login popup appears - standard OAuth flow
- Use your corporate/personal Microsoft account
- Grant permissions if prompted
- Success: Shows ✅ Authenticated with your user info
list_databases- List all databases in your Cosmos DB accountlist_collections- List containers in a specific databaseget_recent_documents- Get recent documents from a containerfind_document_by_id- Find a specific document by IDtext_search- Full-text search within documentsvector_search- Semantic search using AI embeddingsget_approximate_schema- Analyze document structure
- List Tools: Click to see all available MCP tools
- Expand "Test Cosmos DB Tools" section
- Fill in parameters:
- Database ID: Your Cosmos DB database name
- Container ID: Your container name
- Tool-specific parameters (document ID, search terms, etc.)
- Select tool from dropdown
- Click "Invoke Selected Tool"
1. Click "List Tools" - See all available tools
2. Select "list_databases" - No parameters needed
3. Click "Invoke Selected Tool" - See your databases
4. Enter a database name
5. Select "list_collections" - See containers in that database
1. Enter Database ID: "your-db-name"
2. Enter Container ID: "your-container-name"
3. Select "get_recent_documents"
4. Set result count: 5
5. Click "Invoke Selected Tool" - See recent documents
1. Configure database and container
2. Select "text_search"
3. Property: "name" (or any property in your documents)
4. Search Phrase: "Azure" (or relevant search term)
5. Result count: 10
6. Click "Invoke Selected Tool" - See matching documents
- Check: Client ID is correct
- Check: User has
Mcp.Tool.Executorrole assigned - Solution: Assign role with:
az ad app role assignment create \ --id "your-client-id" \ --principal "user@domain.com" \ --role "Mcp.Tool.Executor"
- Expected: Browser security prevents direct calls
- Solution: Use the generated cURL commands instead
- Alternative: Test from command line or deployed frontend
- Check: Server URL is correct and accessible
- Check: MCP server is running and healthy
- Test: Visit
https://your-server-url/health
- Check: MCP server has access to Cosmos DB
- Check: Cosmos DB account has data
- Verify: Connection strings and permissions
The interface automatically validates:
- ✅ Valid Microsoft Entra token
- ✅ Correct audience (
api://your-client-id) - ✅ Required role claims (
Mcp.Tool.Executor) - ✅ Token expiration and refresh
The interface generates ready-to-use cURL commands:
# Copy from the "Equivalent cURL Commands" section
curl -X POST "https://your-app.azurecontainerapps.io/mcp" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer eyJ0eXAiOiJKV1Q..." \
-d '{"jsonrpc":"2.0","method":"tools/list","id":1}'Use these for:
- Automation scripts
- CI/CD pipelines
- Command line testing
- Integration with other tools
After successful web testing:
- Integrate with Microsoft Foundry - Connect as MCP server
- Automate with scripts - Use generated cURL commands
- Deploy to production - Scale your MCP server
- Monitor usage - Check Microsoft Entra logs and Container App metrics
- Health Endpoint:
GET /health- Check server status - GitHub Issues: Report problems with detailed logs
- Azure Logs: Check Container App logs for server-side issues
- Authentication Logs: Review Microsoft Entra sign-in logs
The web interface provides the same professional testing experience as the PostgreSQL MCP demo, with enterprise-grade security that your IT team will approve! 🛡️