Update example for NRTs + cross-linking (#35554)

Author: guardrex

aspnetcore/blazor/call-web-api.md

@@ -1095,6 +1095,9 @@ public class CookieHandler : DelegatingHandler
 }
 ```
 
+> [!NOTE]
+> For guidance on how to access an `AuthenticationStateProvider` from a `DelegatingHandler`, see <xref:blazor/security/additional-scenarios#access-authenticationstateprovider-in-outgoing-request-middleware>.
+
 The `CookieHandler` is registered in the `Program` file:
 
 ```csharp

aspnetcore/blazor/security/additional-scenarios.md

@@ -70,6 +70,9 @@ public class TokenHandler(IHttpContextAccessor httpContextAccessor) :
 }
 ```
 
+> [!NOTE]
+> For guidance on how to access an `AuthenticationStateProvider` from a `DelegatingHandler`, see the [Access `AuthenticationStateProvider` in outgoing request middleware](#access-authenticationstateprovider-in-outgoing-request-middleware) section.
+
 In the project's `Program` file, the token handler (`TokenHandler`) is registered as a scoped service and specified as a [named HTTP client's](xref:blazor/call-web-api#named-httpclient-with-ihttpclientfactory) message handler with <xref:Microsoft.Extensions.DependencyInjection.HttpClientBuilderExtensions.AddHttpMessageHandler%2A>.
 
 In the following example, the `{HTTP CLIENT NAME}` placeholder is the name of the <xref:System.Net.Http.HttpClient>, and the `{BASE ADDRESS}` placeholder is the web API's base address URI.
@@ -789,19 +792,21 @@ Use the `CircuitServicesAccessor` to access the <xref:Microsoft.AspNetCore.Compo
 `AuthenticationStateHandler.cs`:
 
 ```csharp
+using Microsoft.AspNetCore.Components.Authorization;
+
 public class AuthenticationStateHandler(
     CircuitServicesAccessor circuitServicesAccessor) 
     : DelegatingHandler
 {
     protected override async Task<HttpResponseMessage> SendAsync(
         HttpRequestMessage request, CancellationToken cancellationToken)
     {
-        var authStateProvider = circuitServicesAccessor.Services
+        var authStateProvider = circuitServicesAccessor.Services?
             .GetRequiredService<AuthenticationStateProvider>();
-        var authState = await authStateProvider.GetAuthenticationStateAsync();
-        var user = authState.User;
+        var authState = authStateProvider?.GetAuthenticationStateAsync().Result;
+        var user = authState?.User;
 
-        if (user.Identity is not null && user.Identity.IsAuthenticated)
+        if (user?.Identity is not null && user.Identity.IsAuthenticated)
         {
             request.Headers.Add("X-USER-IDENTITY-NAME", user.Identity.Name);
         }

aspnetcore/blazor/security/blazor-web-app-with-oidc.md

@@ -1435,3 +1435,4 @@ At this point, Razor components can adopt [role-based and policy-based authoriza
 * [Manage authentication state in Blazor Web Apps](xref:blazor/security/index#manage-authentication-state-in-blazor-web-apps)
 * [Refresh token during http request in Blazor Interactive Server with OIDC (`dotnet/aspnetcore` #55213)](https://github.com/dotnet/aspnetcore/issues/55213)
 * [Secure data in Blazor Web Apps with Interactive Auto rendering](xref:blazor/security/index#secure-data-in-blazor-web-apps-with-interactive-auto-rendering)
+* [How to access an `AuthenticationStateProvider` from a `DelegatingHandler`](xref:blazor/security/additional-scenarios#access-authenticationstateprovider-in-outgoing-request-middleware)