For anyone wanting to do this, a good approach is IFRAME. Here is what I did to create a custom login to the store from any external site :
Note: I have my entire store locked down at the root inside the web.config:
<system.web>
<!-- FORCE LOGIN FOR ENTIRE STORE -->
<authorization>
<deny users="?"/>
</authorization>
...........
1) Duplicate Conlib/LoginDialog.ascx and rename file (Remote_LoginDialog.ascx) and partial class in the codebehind
2) Create a new blank webform (Remote_Login.aspx) at the root with no master page and embed your duplicated login user control here - this gives you a blank canvas with only the functionality of login and the ablitly to overlay layout and design rules to match the external site.
3) If your store is locked down at the root, then in your webconfig, create location rules to allow public access to your user control and new login page in which it resides - this will allow public access to these pages only in addition to the generic login.aspx file that the store uses.
<location path="Remote_Login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Remote_LoginDialog.ascx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
4) On an external site, create a page with an embedded iframe with the SRC pointng to your newly created aspx file.
5) Add this to the top of /Layouts/Scriptlet.master inside the javascript tags - this forces any new page after to login to appear in the parent window instead of inside the Iframe, otherwise after login, the store will appear inside the IFRAME:
//JS to force top window for all pages other than login
var URLstr = window.location.href;
if (self.parent.frames.length != 0 && URLstr.search(/login.aspx/i) == -1) self.parent.location = document.location;
Cheers,
Jamie Attwood