The right option is even Require. Otherwise, the browser will not ask the user to select a certificate. However, it is not possible to intercept certificate validation in ASP.Net. You need to create a native module (in C++) and configure it in your application. This article has more details. In it, the code is shown to completely ignore the validation of the certificate; I imagine that is what you want.
If you are going to use self-signed customer certificates, there is another detail. The server sends the root certificates it considers reliable and it is common for the browser to allow the user to select only those certificates that belong to the server-accepted strings. I mean, the browser won’t show the self-signed certificate. It is possible to modify the server configuration so that it does not send the list of trusted roots (see method 3 - only create a value in the record).
In this configuration, possibly it will want to authenticate the client’s certificate as well. It would not be correct to check 'Ignore'?
– Leonel Sanches da Silva
When I mark 'Ignore' the IIS does not require the client certificate. I want the customer’s certificate, but I don’t want to use it for authentication, but as an extra variable in web application security. In fact I will try to detect attacks MEN-IN-THE-MIDDLE, especially detect proxy’s that do not inform the X-Forwarded-For header.
– fandev