I've noticed that it is possible SQL Server 2005/2008 to authenticate replication accounts using certificates. Is it possible to authenticate .NET SqlConnection in the same manor?
Ideally, I'd like to do away with password authentication completely and have the aspnet user connect using a certificate stored against its account.
Is this possible, and if so, how can this be done?
You can configure ASP.NET to use client side certificates, see this KB article.
But the ASP.NET server does not have access to your client's certificate. So the ASP.NET server cannot authenticate to SQL Server with a certificate.
The only way to authenticate a TDS protocol connection (ie. a user connection) is using Windows authentication (NTLM/Kerberos) or SQL Authentication (user/password). Is not possible to authenticate TDS connections using certificates. Only Database Mirroring and Service Broker connections can authenticate using certificates.
What you probably noticed is the HTTPS authentication between IIS and a client that occurs in Web Based Replication. That is indeed certificate based authentication, but occurs between the client and IIS and SQL Server is not involve din any way in it.