Do I always need an identity?

If you are using on-premise AD, no.

Where do I implement the information about the AD against which I want to authenticate the user?

That's what I'm trying to work out as well. It seems all MS examples are trying to push everyone to use Azure, and the rest are for the cloud/cross domain. Did you ever work it out?

What is the difference between implementing Azure AD (AAD) and on-premise AD when it comes to configuring the application?

If its on-premise and AD, then you don't have deal with cloud related config, dependencies, issues, etc.

Which roles play OpenId Connect (OIDC) and OAuth, are the necessary or optional?

They are for when you use an external provider for authentication. Not needed for on-premise AD.

Do I get a JSON web token (JWT) from the on-premise AD?

No, that's really for cross domain. You wouldn't need JWT and to be passing a token around. JWT still needs to store authentication details somewhere (to be repeatedly accessed and checked on each request). Which is what you would use AD directly for instead. On-premise AD is your stored authentication (and authorisation) repository.

Did you ever find a working solution to do on-premise AD authentication from a .Net Core WebApi app? Should be common, but there doesn't seem to be a clear example anywhere online that isn't infected with Azure, cloud, JWT or Identity dependencies and complications (and there must be). I have come across many others asking the same question and no answer. I will keep looking and trying to piece together my own solution.