Regarding your stack :

Internet server with Windows : I really think Windows really have no added value in this area. Installing a DBMS like MySQL or MSSQL : you might be interested in NoSQL kind of database as you probably have limited relations between your data. I think some database also integrate out of the shelves a Rest or Curl API, at least that used to be the case with couchDb for instance No direct access to the database from outside for safety reasons Instead writing an API that runs on the server and allows indirect DB Access via predefined (HTTP?) Requests. if possible, aim for HTTPS right from the start.

Regarding the authentification, for a pet project I have been relying on Wordpress to manage user management through REST, I am not sure tough it is actually a good solution but at least it is cheap and quite easy to set up.