agilix | A Kanban Planner built with React , Tailwind and Firebase | Frontend Framework library

I'm creating an asp.net core 2.0 app (with EFCore an Identity), which has:

1. website (MVC) where people can register and buy different plans (with different prices etc). So, these users must confirm e-mail and add other info to be able to use it's services, which include creating and managing mobile app users.
2. A mobile app with a WebAPI backend. Users of the app are workers who go from client to client, adding information that must be collected on-site to the app. This information is received by the website users.

So, the way I see it is that there are two different types of users: only one will ever use the website, and needs (more?) security since it needs a confirmed email in case he forgets password etc. Also these users will be able to see all reports and (sensitive) information gathered by the mobile app. This authentication is cookie based.

On the other hand, mobile app users are never going to have access to information other than what themselves feed into, also their e-mails are not needed. They just need a username and a code/password issued by Website user. And this authentication is bearer token.

I would prefer to make all this in one project, so my question is how can i handle these two types of users (and authentication processes) in one project?

I read the docs on authorization schemes, claims, filters, security attributes, configuring startup.cs. I believe I could handle this if it were merely a difference in say, roles. And the questions I searched here about different types of users seemed to be really about roles, but my case i don't think it can be handled that way. For instance, Mobile app users won't register themselves nor handle passwords etc, all of this will be managed by Website users who have, say, a "full account".

If asked i may post some code, but what i really need is some guidance, for instance:

• don't do it in one project, make two, one for MVC and one for WEBAPI and handle different security/authorization/registration concerns in each;

• or: You need to create two different "AppUser" classes and (in this case, how to configure Identity / what i add to startup.cs?)

I did found this: https://medium.com/agilix/asp-net-core-supporting-multiple-authorization-6502eb79f934

But that's still missing the part about different users. It may well be i have read in microsoft docs and other places the info i need to do this, but i cant piece it all together - for instance, i know how to create and register a custom user class in Identity, I understand how to add filters and attributes to the MVC pipeline, and i think i need all of that to accomplish what i need, but I can't understand step-by-step what i need to do.