The Windows IIS Web Server supports user authentication using client certificates. There are two ways to setup client authentication. This article covers authentication using Active Directory.
Set up IIS, and add the "Client Certificate Mapping Authentication" role services.
In the IIS Manager, right click the web site and select "Edit Bindings".
You should have a a HTTP and HTTPS binding listed.
If not, add a HTTPS binding.
Select the server certificate fom the dropdown list. This should be a certificate that has as its subject the name of the web server.
Now select the web site, sub directory or page you want to secure with client certificates, and click on SSL Settings.
Set the SSL Settings to require SSL, and also require client certificates.
These settings will require users to authenticate using a client certificate known to an active directory user, and will manage access to the web site assets by enforcing the security policy associated with that asset.