Keep it just ASP.NET, but consume the Web API in the UWP. I have been doing that in a number of applications that I use and I have been writing a lot of articles for this too.
In my own view, all of yours points can be concluded in the following list:
1. You want a web application that controls how users interact and how data is shared.
2. You want to authenticate the users before they can access the data. You also want only authenticated users to get the data, others should not be able to access the resources.
3. You want to use the same data (from the website) to be able to get rendered in the UWP applications.
That was what you were having, so, create a small (or average; 200 users!) web application and define your own schema of database. I won't be of any help, because you haven't shared any such information here. But, as far as that authentication is concerned, all you need to do is just apply Authorize attribute to the controller and ASP.NET will automatically require users to be logged in,
[Authorize]
public class MyController : Controller
{
public List<string> Get() {
}
}
</string>
Then you will be able to consume the API calls in your application to get the data. You can get the data in any format, make sure it can be serialized and deserialized while being transferred on the wire.
All of this has been summarized in this article of mine,
ASP.NET 5 Web API RESTful CRUDs and Windows 10 native application[
^]. It talks about creating web applications, creating the API portion, allowing the models to be used in the API consumption. After that, the article talks about creating the UWP application (Windows 10 uses UWP application platform) and then article guides you on consuming the API in your application to provide the users with the data from Web API.
If you are novice to ASP.NET, read this article of mine for that:
Understanding ASP.NET MVC using real world example, for beginners and intermediate[
^]
AuthorizeAttribute
Class (System.Web.Mvc)[
^]