Add application scope handler approach

[guardrex]

Fixes #36562

Javier, this ...

• Adds the app scope handler approach as a new section to the existing coverage on accessing auth state provider via the circuit activity handler approach, placing it as the first of two subsections and recommending it for this scenario.
• Retains the circuit activity handler approach as the generic approach for accessing services outside of the Blazor circuit's DI scope in the DI article.
• Improves cross-linking.
• Addresses a few NITs 😈 in passing.
• Addressed Copilot's first suggestion by telling devs to remove the null check on user if they want to check the user's auth state on every request.

---

Internal previews

📄 File	🔗 Preview link
aspnetcore/blazor/call-web-api.md	aspnetcore/blazor/call-web-api
aspnetcore/blazor/fundamentals/dependency-injection.md	aspnetcore/blazor/fundamentals/dependency-injection
aspnetcore/blazor/security/additional-scenarios.md	aspnetcore/blazor/security/additional-scenarios
aspnetcore/blazor/security/blazor-web-app-with-oidc.md	aspnetcore/blazor/security/blazor-web-app-with-oidc
aspnetcore/blazor/security/webassembly/additional-scenarios.md	aspnetcore/blazor/security/webassembly/additional-scenarios
aspnetcore/blazor/security/webassembly/graph-api.md	aspnetcore/blazor/security/webassembly/graph-api
aspnetcore/fundamentals/dependency-injection.md	aspnetcore/fundamentals/dependency-injection

[Copilot]

Pull request overview

This PR adds documentation for a new application scope handler approach for accessing AuthenticationStateProvider in outgoing request middleware for Blazor applications. The PR addresses issue #36562 by providing developers with a recommended alternative to the existing circuit activity handler approach when working with HTTP clients created by IHttpClientFactory.

Key changes:

• Adds a comprehensive new section documenting the application scope handler pattern as the recommended approach for accessing authentication state in delegating handlers
• Retains the existing circuit activity handler approach as an alternative method
• Improves cross-linking to HTTP request middleware documentation across multiple files
• Fixes minor style issues (capitalization and punctuation)

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
aspnetcore/blazor/security/additional-scenarios.md	Adds the main application scope handler documentation with code examples, restructures the section to present both approaches, and adds cross-reference notes about DelegatingHandler
aspnetcore/blazor/fundamentals/dependency-injection.md	Updates cross-reference text to clarify that it points to the circuit activity handler approach specifically
aspnetcore/blazor/call-web-api.md	Adds a new section explaining how to access services outside of HttpClient's scope with cross-references to the new documentation
aspnetcore/blazor/security/blazor-web-app-with-oidc.md	Adds cross-reference link to DelegatingHandler documentation
aspnetcore/blazor/security/webassembly/additional-scenarios.md	Adds cross-reference link to DelegatingHandler documentation and improves formatting
aspnetcore/blazor/security/webassembly/graph-api.md	Adds cross-reference link to DelegatingHandler documentation
aspnetcore/fundamentals/dependency-injection.md	Fixes capitalization of "middleware" and "keyed services" in section header, adds missing period

[guardrex]

@dotnet/aspnet-blazor-eng ... I think Javier is buried in work at the moment. I'm trying to get PRs pushed through because I have so many open PRs right now. Is anyone free to provide a tech review on this? My OP and the Copilot description ☝️ is a good summary of what this PR is seeking to accomplish.