I have an Windows Application consuming OData v4
WebAPI using DataServiceContext
. WebApi is over SSL but still I think anyone can trap request using Web Debugging Tools like fiddler (on the Windows Application Host Machine) and can re-issue the request by altering Request Body.
So I was just thinking what if I could encrypt RequestBody
of outgoing Request in Windows Application using Public/Private Key in Production Environment. If yes how could I?
Do I need to create custom DataServiceClientRequestMessage
or need to hook encryption process somewhere in DataServiceContext
.
The Request would be decrypted using MessageHandler
.
Yes, I think you can write your custom DataServiceClientRequestMessage
, and overwrite GetStream()
to encrypt the output stream. Then, set the new message to DataServiceContext with DataServiceContext.Configurations.RequestPipeline.OnMessageCreating = new CustomRequestMessage()
.
You can refer a custom DataServiceClientRequestMessage
example at OData github repository. TestDataServiceClientRequestMessage.cs and DataServiceContextWithCustomTransportLayer.cs
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.