Single sign-on between an ASP.NET application and Office365 with a local ADFS STS

I am creating an ASP.NET web application that authenticates users using the Windows Identity Foundation.

The organization has a local ADFS STS. Their Office365 is authenticated through the Microsoft Federation Gateway against the local STS. The new web application will also authenticate against the local STS using WIF.

Can I set up silent single sign-on between the new application and Office365, so that the user will not need to log in to Office365 after logging in to the web application, and vice versa?

+6
1 answer

Yes, you can accomplish this by federating the ASP.NET application with Office365 directly. As you probably already know, this usually works because you have Office365 synchronized with your on-premises AD and you have a trust configured using an ADFS server. When you log in to your web application, the user is redirected to Office365 to enter their UPN (usually an email address). Office365 uses this to work out which ADFS server to redirect you to for the authentication step.

If you log in from inside the domain, you are authenticated immediately through integrated Windows authentication. ADFS then redirects you back to Office365 to establish a session, and Office365 logs you in to the application itself. If you are outside the domain, you need an external ADFS proxy; there, instead of integrated Windows authentication, the ADFS proxy server asks the user for their corporate credentials and then redirects back to Office365 in the same way as before.

Here is a good document that explains all this in more detail:

http://www.microsoft.com/download/en/details.aspx?id=28971

+5
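As an added worked example (not from the answer above, and not a sample from WIF or ADFS themselves), here is the web.config federation section, of the shape the WIF SDK's Federation Utility produces, for an ASP.NET relying party that trusts a local ADFS 2.0 STS. The hostnames sts.contoso.example and app.contoso.example, the realm, and the thumbprint placeholder are hypothetical; the thumbprint must be the SHA-1 thumbprint of your ADFS token-signing certificate.

```xml
<?xml version="1.0"?>
<configuration>
  <configSections>
    <!-- Registers the WIF 3.5 configuration section (Microsoft.IdentityModel). -->
    <section name="microsoft.identityModel"
             type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>

  <system.web>
    <!-- ASP.NET itself does no authentication; the WIF modules below do. -->
    <authentication mode="None" />
    <!-- Deny anonymous users so that every request triggers the passive redirect to the STS. -->
    <authorization>
      <deny users="?" />
    </authorization>
    <httpModules>
      <!-- Handles the wsignin1.0 redirect and the token POSTed back by ADFS. -->
      <add name="WSFederationAuthenticationModule"
           type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <!-- Turns the validated token into the application's own session cookie. -->
      <add name="SessionAuthenticationModule"
           type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </httpModules>
  </system.web>

  <microsoft.identityModel>
    <service>
      <!-- Tokens whose audience is not this relying party identifier are rejected. -->
      <audienceUris>
        <add value="https://app.contoso.example/" />
      </audienceUris>
      <federatedAuthentication>
        <!-- issuer: passive endpoint of the local ADFS STS (hypothetical host).
             realm:  this application's identifier as registered in ADFS as a relying party. -->
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://sts.contoso.example/adfs/ls/"
                      realm="https://app.contoso.example/"
                      requireHttps="true" />
        <!-- Session cookie is only sent over TLS. -->
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>
      <!-- Only tokens signed by the listed certificate are accepted.
           Placeholder thumbprint: replace with the ADFS token-signing certificate's SHA-1 thumbprint. -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="0000000000000000000000000000000000000000"
               name="http://sts.contoso.example/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
</configuration>
```

Once both this application and Office365 are relying parties of the same ADFS instance, the silent part comes from ADFS itself: after the first sign-in ADFS keeps its own session cookie, so the second relying party's wsignin1.0 redirect returns a token without prompting again (inside the domain through integrated Windows authentication, outside it through the ADFS proxy's forms page). The audienceUris and trustedIssuers entries are the two checks that matter on the application side: a token whose audience or signing certificate does not match is rejected before any session cookie is created.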

Source: https://habr.com/ru/post/910072/

