Add explicit ApiKey requirement for ApiKey auth

(cherry picked from commit 8a3a998243e888e8f27c609f4bace5b42ad7ec50)

src/NzbDrone.Host/Startup.cs

@@ -177,20 +177,17 @@ public void ConfigureServices(IServiceCollection services)
             services.AddDataProtection()
                 .PersistKeysToFileSystem(new DirectoryInfo(Configuration["dataProtectionFolder"]));
 
-            services.AddSingleton<IAuthorizationPolicyProvider, UiAuthorizationPolicyProvider>();
-            services.AddSingleton<IAuthorizationHandler, UiAuthorizationHandler>();
-
             services.AddAuthorization(options =>
             {
                 options.AddPolicy("SignalR", policy =>
                 {
                     policy.AuthenticationSchemes.Add("SignalR");
-                    policy.RequireAuthenticatedUser();
+                    policy.Requirements.Add(new ApiKeyRequirement());
                 });
 
                 // Require auth on everything except those marked [AllowAnonymous]
                 options.FallbackPolicy = new AuthorizationPolicyBuilder("API")
-                .RequireAuthenticatedUser()
+                .AddRequirements(new ApiKeyRequirement())
                 .Build();
             });
 

src/Radarr.Http/Authentication/ApiKeyRequirement.cs

@@ -0,0 +1,20 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+
+namespace NzbDrone.Http.Authentication
+{
+    public class ApiKeyRequirement : AuthorizationHandler<ApiKeyRequirement>, IAuthorizationRequirement
+    {
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ApiKeyRequirement requirement)
+        {
+            var apiKeyClaim = context.User.FindFirst(c => c.Type == "ApiKey");
+
+            if (apiKeyClaim != null)
+            {
+                context.Succeed(requirement);
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}