A: To facilitate web server access control management, IIS 6.0 allows administrators to map IIS client certificates to Windows accounts—a feature called certificate mapping. You can use certificate mapping to apply resource permissions defined for Windows accounts to users that authenticated to your IIS web server using an SSL client certificate.

Certificate mapping is still supported in IIS 7.0, but it isn't exposed in the IIS 7.0 GUI. To define certificate mappings, you must edit the IIS 7.0 configuration files, which is a lot of work. Instructions are available at this site.

The good news is that Microsoft recently released a client certificates plug-in for IIS 7.0 that administrators can use to define certificate mappings from the IIS 7.0 management GUI. x86 and x64 versions of the plug-in are available for download.

You can find screenshots and other useful information in this MSDN blog.

Related Reading: