Hello,
In your 
OnAuthentication method, put this at the beginning of the method:
// Check if the user was authenticated by the system
if (userInfo != null) return userInfo;
When 
OnAuthentication method is called, if the variable 
userInfo is not null, that means Kentico found the user in its own membership tables. So return that same 
userInfo to "bypass" your external database check.
That way, your internal kentico users will be correctly authenticated.
I hope it helps.