如何加密客户端的OData请求负载(DataServiceContext)和ServerSide的解密请求? [英] How could I Encrypt OData Request Payload at Client Side(DataServiceContext) and Decrypting Request at ServerSide?
问题描述
我有一个Windows应用程序消费 OData v4
WebAPI使用 DataServiceContext
。 WebApi已经通过SSL,但是我仍然认为任何人都可以使用虚拟机调试工具(如Windows应用程序主机)捕获请求,并可以通过更改请求主体来重新发出请求。
I have an Windows Application consuming OData v4
WebAPI using DataServiceContext
. WebApi is over SSL but still I think anyone can trap request using Web Debugging Tools like fiddler (on the Windows Application Host Machine) and can re-issue the request by altering Request Body.
所以我只是在想,如果我可以使用生产环境中的公钥/私钥在Windows应用程序中加密 RequestBody
。如果是,我可以如何?
So I was just thinking what if I could encrypt RequestBody
of outgoing Request in Windows Application using Public/Private Key in Production Environment. If yes how could I?
我需要创建自定义的 DataServiceClientRequestMessage
或者需要将加密过程挂钩在 DataServiceContext
。
Do I need to create custom DataServiceClientRequestMessage
or need to hook encryption process somewhere in DataServiceContext
.
请求将使用 MessageHandler
解密。
推荐答案
是的,我想你可以编写自定义的 DataServiceClientRequestMessage
并覆盖 GetStream()
来加密输出流。
然后,将新消息设置为带有 DataServiceContext.Configurations.RequestPipeline.OnMessageCreating = new CustomRequestMessage()
的DataServiceContext。
Yes, I think you can write your custom DataServiceClientRequestMessage
, and overwrite GetStream()
to encrypt the output stream.
Then, set the new message to DataServiceContext with DataServiceContext.Configurations.RequestPipeline.OnMessageCreating = new CustomRequestMessage()
.
您可以在OData github资源库中引用自定义的 DataServiceClientRequestMessage
示例。