The difference is very subtle. @Badri gave you a good quick explanation.
Looking for this poster, you understand what it is. Keep in mind that when you create your own DelegatingHandlers, you will not bother with anything that is not specific HTTP material. This is not the place to play with BODY in the case of POST. eg.
One useful thing you can do is to detect very early in the pipe so that the token is not present in the headers, then you can end the request right then and there and create a StatusCode.Forbidden response. Of course, he does not need a simple website. Just a bust. But if you receive millions of calls per minute, this is very convenient, as it happens right before the controller is actually created.
There are only a few cases when you really need it. Or say that the client making the rest of the calls can only do GET and POST, but in the headers it indicates X-Method-Override = PUT, then you can change the request method from POST to PUT at that moment so that your controller / action dispatchers create the correct instance and invoke the correct action.
Here is an interesting poster. PRINT IT: D
http://www.asp.net/media/4071077/aspnet-web-api-poster.pdf