Hi,
There are a number of ways it could be done. I think the approach I would pursue would have the basic steps of:
1. Remove the exsisting login/register links from the layout.master file of the skin.
2. Implement a custom module that you could plug into the page or a custom page and your own cusotm login/register links to put in layout.master.
3. In your custom module or page you validate the user against your web service and then set a FormsAuthentication cookie to log the user in. Add some logic to check if the user exists in the mojoportal database and if not create one for the user. There are existing methods to check the exsitence and create a user. mojoPortal does use its own users and roles internally so it must create a user internaly even if it auths against your web service. The same is true when using ldap/active directory or NTLM authentication
The above should not require any changes to mojoportal core but if you encounter something that is needed in the core to support what you are trying to do, you can submit the change and I will review it and consider it for inclusion. With the above scenario the only thing I think of that would be desireable is a web.config setting to disable the existing login and register pages since removing the links doesn't prevent someone from navigating to them.
Hope it helps,
Joe