BFF - Resolve IUserSessionStore in BffServerAuthenticationStateProvider using scoped service container

[maartenba]

While working with server-side session management using Entity Framework Core, an error is always visible in the logs:

Microsoft.AspNetCore.Components.Server.RevalidatingServerAuthenticationStateProvider[0]
      An error occurred while revalidating authentication state
      System.ObjectDisposedException: Cannot access a disposed context instance. A common cause of this error is disposing a context instance that was resolved from dependency injection and then later trying to use the same context instance elsewhere in your application. This may occur if you are calling 'Dispose' on the context instance, or wrapping it in a using statement. If you are using dependency injection, you should let the dependency injection container take care of disposing context instances.
Object name: 'SessionDbContext'.

Steps to reproduce

• Download the BlazorBffApp sample here
• Add EntityFramework NuGet packages here   by adding the following two packages
• Duende.BFF.EntityFramework Version="3.0.0"
• Microsoft.EntityFrameworkCore.Sqlite Version="9.0.10"
• Microsoft.EntityFrameworkCore.Tools Version="9.0.10"
• Update the Program.cs with the following
• Remove In-Memory service registration
• builder.Services.AddBff()
      .AddServerSideSessions() // Add in-memory implementation of server side sessions
      .AddBlazorServer();
• Add EntityFramework service registration
• builder.Services.AddBff()
          .AddEntityFrameworkServerSideSessions(options =>
          {
              options.UseSqlite("Data Source=database.dat", p => p.MigrationsAssembly("BlazorBffApp"));
          })
          .AddBlazorServer();
• Add and run EF Migrations as explained here
• Run the application, login with test user, and check the bff logs.

Observations

When debugging the issue, it seems BffServerAuthenticationStateProvider tries to access IUserSessionStore which has an already disposed SessionDbContext.

The reason is that Blazor's RevalidatingServerAuthenticationStateProvider.RevalidationLoop has a task delay during which the Blazor component goes out of scope, and disposes most of its dependencies, including the DbContext.

In this PR, the responsibility for creating/disposing a DI scope is moved to BffServerAuthenticationStateProvider to prevent the database IUserSessionStore and its dependencies from being disposed when authentication state is revalidated asynchronously.