IIS 7 client certificate with user mapping + basic HTTP certificate and more

Environment:

IIS 7.0

Requirements: Within the same web application:

-Allow client certificate authentication for user1

-Map certificate to a domain user

-Domain user password must not be stored in plaintext. e.g. in any IIS configuration file

-Allow basic HTTP authentication for user2 (and OK if for user1 but not required)



Is this possible and if so how to configure?