Ah yes, and this is the part where common sense runs head first into Apple's walled garden.
This is how almost every multiplayer game does it to great success - tie your copy of the game into an account that the game developer can verify (possibly via a third party, like Steam). This makes it such that it's pretty much impossible for a pirated copy to hit your server.
Except, Apple does not allow you to take payments outside their channels for services provided in an App Store app. You don't have any personally identifiable information as the developer - nothing that can indicate if the user is a legitimate, paying user.
Administering IAPs and subscriptions is a huge pain due to the opaqueness of Apple's APIs. When customer service gets a complaint like, say, "I subscribed to your shit but I don't have premium access!", you cannot do any verification whatsoever, since you don't know their Apple ID, and their Apple ID was never visible during the transaction, so there's no way for you as the third party to back-trace anything.