EntityFrameworkCore.Identity: Can it be added to an existing project or should I start from scratch?

You have 2 options (aside from starting all over again)

1. Add a second dedicated context that inherits IdentityDbContext that should be configured to the same database instance as the original SystemDbContext. In this new `IdentityDbContext` derived context you will map to dbsets only the tables (entities) that you will need for the authentication flow such as `ApplicationUser`, `UserRoles`, `Roles` etc...You could also map to tables (entities) that are used in the `SystemDbContext` but you will need to exclude them from migrations to avoid creating duplicate migrations that will fail executing against the database. You can achieve this using ExcludeFromMigrations method in the OnModelCreating override. The opposite is also true you will be able to map to Identity entities (tables) to use them in your original SystemDbContext by configuring them via ExcludeFromMigraitons in order to instruct the SustemDbContext not to track changes on these entities and create migration for them.

2. The second approach, which is way better from my point of view, is to create a dedicated Identity (Authority) web service or web app that will be responsible for user authentication(log in) and will act as an Identity (Authority) service for the your main app. This dedicated identity service will have again its own IdentityDbContext derived context that again could use the same database as your original context from your main app and just map to specific tables that will be needed for the user authentication or it could use it's own database instance which would be a more advanced approach. Here you can review samples of such dedicated Identity apps that act as an Authority provider for other third party web apps or web services. I think that you will really impress your teachers and classmates with such an approach if you implement it. In the end your solution will contain two asp.net web api/razor/blazor apps one Identity app for user login (authentication), password recovery, two factore authentication etc.. and another Systems app for your main business logic that will use the first Identity app for user login/authentication/token issuing. To achieve this you will need to integrate microsoft entra, azure active directory or identity server in your identity service and your main system app in order to comply with oauth2/openid connect protocols. For example if you decide to go with IdentityServer you can follow this tutorial. In the long run you can "plug in" other apps to this Authority app i.e. System2 app which will enable single sign on between apps i.e. users logged in in the System app would be able to automatically sign in the System2 app without re-entering username and password.