(I renamed this post since the long URL was breaking the site design - Pete.)
Config reference link:
http://www.iis.net/ConfigReference/system.webServer/security/authentication/iisClientCertificateMappingAuthentication
That reference material really should include a reference to the SSL configuration module, explicitly reminding admins that they need to change the default setting of *Ignore* client certificates to *Accept* or *Require* if they want any of the certificate mapping functionality to actually be usable.
I would have added this as a comment, but the reference material doesn't support comments ...