typically if you are talking about prompting in the form of the IIS login dialog then you are using IIS authentication (digest or basic). I don't know of a way to achieve your goal if using IIS for authentication is a requirement. In this case IIS handles the request and prompts for credentials before any .NET code can run.
If you configure IIS to allow anonymous then configure mojoPortal to use Active Directory user will not be required to login unless they access pages protected by roles. Pages that are protected by roles will not appear in the menu unless the user is logged in either. Note that the roles are mojoportal roles not Active Directory roles.
Hope it helps,