IIS allows you to use client certificates, but it may give you a hard time if your certificate is wacky (e.g. self-signed). On the client side, if you have a .NET application that wants to be more permissive about accepting server certificates, you can hook the ServerCertificateValidationCallback event and decide whether or not you want to accept the server certificate; the callback provides you the certificate, the chain and the SslPolicyErrors (as flags) found during validation.
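As an added example (not code from the original post), this is one way to write such a callback so that it tolerates only the error a self-signed certificate produces and only for one expected certificate. The names `PinnedSelfSignedValidation`, `Validate` and `ExpectedThumbprint` are assumptions made for illustration, and the thumbprint is a constructed placeholder.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedSelfSignedValidation
{
    // Constructed placeholder: replace with the SHA-1 thumbprint of the one
    // self-signed server certificate this client is expected to talk to.
    const string ExpectedThumbprint = "0000000000000000000000000000000000000000";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Normal validation succeeded: nothing to override.
        if (errors == SslPolicyErrors.None) return true;

        // SslPolicyErrors is a flags enum. Tolerate chain errors only; a name
        // mismatch or a missing certificate is rejected even when it arrives
        // combined with a chain error.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;
        if (certificate == null || chain == null) return false;

        // Within the chain, the only acceptable problem is an untrusted root,
        // which is what a self-signed certificate yields. Expired, revoked or
        // otherwise invalid certificates are still refused.
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            if (status.Status != X509ChainStatusFlags.UntrustedRoot) return false;
        }

        // Pin to the expected certificate so that an arbitrary self-signed
        // certificate presented by another host is not accepted.
        string thumbprint = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(thumbprint, ExpectedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Register the callback; HttpWebRequest and WebClient connections
        // made by this process are then checked by Validate.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```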
IIS doesn’t have such an abstraction for validating client certificates, but it does provide the raw mechanism for performing the validation yourself. By default, IIS will do the validation for you during the BeginRequest pipeline event and will fail if any error is found. To perform the validation yourself, you need to listen to the PreBeginRequest global event, stream the certificate from the client and finally ignore the SSL policy errors (flags) that you want.
The PreBeginRequest global event is not available (yet) to .NET code, so you have to bring your C++ skills and write an IIS global module. No worries, there is not too much code to write.
At a high level, you need:
The code that you need (at your own risk) is something like:
A small deployment suggestion: in the Visual C++ project, change the settings to statically link all libraries, such as STL/CRT/MFC, so you don’t need to install the Microsoft Visual C++ Redistributable Package.