I really like this blog — every detail is explained and the whole process is easy to understand.
However, I think there is a misunderstanding. When you enable the Anonymous logon to your web site, the oneToOne mapping is not used at all. AFAIK, the IIS checks for a valid certificate during the HTTPS handshake (validity timeframe, known CA) and if your certificate is accepted, you get access to the page as an anonymous user.
I did a similar setup and as a result, I could
- log on w/o the oneToOne mapping or
- log on using an unmapped certificate
Please check your setup (if this is relevant after 1.5 years time any longer ;-).
all the best — Joachim