Can't connect to WebDAV when using TLS

I've been steadily using WinSCP to connect to another Windows box running IIS, and pushing a file via WebDAV. However it all fails whenever I try to use TLS.

Each time I try to connect, it tells me

Error listing directory '/'. , 403 forbidden.

Again I don't have these issues when using the exact same specs, but without TLS. I have tried including the .PFX certificate in the Advanced Settings, no difference.

The Windows Firewall on the destination server is OFF (for testing), and on the source server "outgoing" is set to allow all.

Sanitized log attached; if I over-sanitized and there's something I shouldn't have omitted, I can get that back!

I figured it out, but it doesn't make any sense to me.

On the destination server, I had to configure WebDAV settings so the source computer's Windows logon account was listed as one of the "Allowed" users (so, the user I'm logging into the source server as, when I go to configure the WinSCP session). I don't see why it should care about that; WinSCP should be passing the user/password listed in the session configuration, not who is logged into the Windows server, correct?

Yes, WinSCP sends the credentials from the login dialog.
If you want us to investigate further, please post complete logs for both scenarios.

Two logs attached:

log_error: this is what happens when WebDAV on the destination server doesn't have the source server's *computer* logon name as an allowed user.

log_successful: this is what happens when WebDAV *does* have the source server's *computer* logon name as an allowed user.

FWIW, the two usernames (the computer user and the one I'm actually telling WinSCP to connect with) have COMPLETELY different names/passwords. If I don't use TLS at all, then WinSCP seems to honor whatever I've got in the user/pass fields in the connection profile.

There are too many differences between the logs/sessions. Different WinSCP versions. PFX file in one case, but not the other. Different server. Different server software. Can you post logs that really differ only in whether the local account in "allowed" on the server or not?