I have an Windows Application consuming OData v4 WebAPI using DataServiceContext. WebApi is over SSL but still I think anyone can trap request using Web Debugging Tools like fiddler (on the Windows Application Host Machine) and can re-issue the request by altering Request Body.

So I was just thinking what if I could encrypt RequestBody of outgoing Request in Windows Application using Public/Private Key in Production Environment. If yes how could I?

Do I need to create custom DataServiceClientRequestMessage or need to hook encryption process somewhere in DataServiceContext.

The Request would be decrypted using MessageHandler.

ServiceStack Encrypted Messaging

Yes, I think you can write your custom DataServiceClientRequestMessage, and overwrite GetStream() to encrypt the output stream. Then, set the new message to DataServiceContext with DataServiceContext.Configurations.RequestPipeline.OnMessageCreating = new CustomRequestMessage().

You can refer a custom DataServiceClientRequestMessage example at OData github repository. TestDataServiceClientRequestMessage.cs and DataServiceContextWithCustomTransportLayer.cs