问题
I have an Windows Application consuming OData v4 WebAPI using DataServiceContext. WebApi is over SSL but still I think anyone can trap request using Web Debugging Tools like fiddler (on the Windows Application Host Machine) and can re-issue the request by altering Request Body.
So I was just thinking what if I could encrypt RequestBody of outgoing Request in Windows Application using Public/Private Key in Production Environment. If yes how could I?
Do I need to create custom DataServiceClientRequestMessage or need to hook encryption process somewhere in DataServiceContext.
The Request would be decrypted using MessageHandler.
ServiceStack Encrypted Messaging
回答1:
Yes, I think you can write your custom DataServiceClientRequestMessage, and overwrite GetStream() to encrypt the output stream.
Then, set the new message to DataServiceContext with DataServiceContext.Configurations.RequestPipeline.OnMessageCreating = new CustomRequestMessage().
You can refer a custom DataServiceClientRequestMessage example at OData github repository. TestDataServiceClientRequestMessage.cs and DataServiceContextWithCustomTransportLayer.cs
来源:https://stackoverflow.com/questions/37455480/how-could-i-encrypt-odata-request-payload-at-client-sidedataservicecontext-and