When the client uses WS2007HttpBinding and the server employs WSHttpBinding we may get this exception in the client side:
And the inner exception is:
On the server side trace we see
And the inner exception:
When the client uses WSHttpBinding and the server employs WS2007HttpBinding we would get the same exceptions with http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue being replaced by http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue.
The reason for the errors is the different WS-Trust versions between the bindings. WS-Trust is used when the negotiateServiceCredential or establishSecurityContext settings are set to true (which is the default). In these cases infrastructure messages are exchanged between the client and the server and these messages require the WS-Trust version to match.
We can see the different versions if we use the reflector to check the bindings static constructors.
So, which binding to use?
In many cases this does not matter since both bindings expose similar functionality.
You might want to consider the following:
Nevertheless, for most services this decision will probably only have a very minor effect.