It's actually quite a needful thing to implement your own login screen for the extranet users.
Note: The following applies to Sitecore 5.1.0.7 and later.
To provide login functionality on a web site, you can use the loginPage attribute in the site definition of the web.config file. For instance,
<site
name="website"
virtualFolder="/"
physicalFolder="/"
rootPath="/sitecore/content"
startItem="/home"
language="en"
database="web"
domain="extranet"
loginPage="/layouts/login.html"
allowDebug="true"
cacheHtml="true"
htmlCacheSize="10MB" />
In this case the loginPage points directly to a physical ASPX file.
Now, whenever an anonymous user requests a protected page, one is redirected to the custom login page.
By contrast, if a logged-in user requests a page that one does not have access to, this user is redirected to the 'no access' page and given the option to log in as another user (via a link at the bottom of the page).
Require login for all
If you require that all visitors to the site must log in, you can use the requireLogin attribute like this:
<site
name="website"
virtualFolder="/"
physicalFolder="/"
rootPath="/sitecore/content"
startItem="/home"
language="en"
database="web"
domain="extranet"
requireLogin="true"
loginPage="/layouts/login.html"
allowDebug="true"
cacheHtml="true"
htmlCacheSize="10MB" />
The configuration above will cause all requests by anonymous users to be redirected to the login page.
Important note:
If you want to set the requireLogin attribute to "true", you should specify a web form in the loginPage instead of the Sitecore item. This web form should be included in the IgnoreUrlPrefixes list. Otherwise, you will get the infinite loop because requireLogin setting won’t let the anonymous user to access the login item and one will be redirected to the login item on and on.
Misc. considerations:
If you specify a domain without supplying a login page, unauthorised requests will be redirected to the value of Settings.NoAccessUrl (default: /sitecore/noaccess.html).
This page will simply inform the user that the request failed due to missing access rights.
If you set requireLogin="true" without specifying a login page, an error message will be shown telling that no login page has been specified in the configuration.