Configuring client certificates for mutual authentication on IIS 8
Hafiz Mohammed

I really like this blog — every detail is explained and the whole process is easy to understand.

However, I think there is a misunderstanding. When you enable the Anonymous logon to your web site, the oneToOne mapping is not used at all. AFAIK, the IIS checks for a valid certificate during the HTTPS handshake (validity timeframe, known CA) and if your certificate is accepted, you get access to the page as an anonymous user.

I did a similar setup and, as a result, I could

  • log on w/o the oneToOne mapping or
  • log on using an unmapped certificate

Please check your setup (if this is relevant after 1.5 years' time any longer ;-).

all the best — Joachim

