This project demonstrates my ability to implement different authentication patterns. You can browse the source code for both versions via branches:
| Version | Architecture | Description | Link |
|---|---|---|---|
| v2.0 (Current) | ASP.NET Core Identity | Granular RBAC (Admin/Moderator), Privilege Escalation Protection, Hashing, Lockout & 2FA ready. | Browse Code |
| v1.0 (Legacy) | Manual Cookie Auth | Custom authentication built with `HttpContext.SignInAsync`. | Browse Code |
TechBlog is a dynamic content management system developed from scratch using ASP.NET Core 8.0 architecture. Built upon the principles of N-Tier Architecture, the project has been enhanced with Hierarchical Role-Based Authorization, AJAX-based interactions, and a Secure Admin Panel.
- ASP.NET Core Identity: Complete integration for secure user management, login, and registration.
- Granular RBAC (Hierarchical Roles):
  - Admin: Full access. Can manage Roles, Users, and assign other Admins.
  - Moderator: Can manage content and users but has restricted privileges.
  - User: Isolated environment. Can only view/edit their own profile.
- Privilege Escalation Protection:
  - Backend Logic: A specialized logic block prevents Moderators from assigning "Admin" or "Moderator" roles to others. This prevents unauthorized authority expansion.
  - Frontend Security: Dynamic Views automatically hide sensitive controls (e.g., "Admin" role checkbox, "Roles" menu link) based on the logged-in user's hierarchy.
- Entity Framework Core (Code First): Database entities designed as C# classes and managed via `Migrations`.
- Repository Pattern: Implemented to decouple business logic from data access, ensuring cleaner and testable code (`PostsRepository`).
- Data Modeling: Optimized One-to-Many (Author-Post, Post-Comment) and Many-to-Many (Post-Tag) relationships.
- Seed Data: Automated test data generation upon initial application startup.
- Dynamic Navbar: Menu items (Users/Roles) adjust visibility based on User Claims.
- AJAX & jQuery: Asynchronous comment submission and listing without page reloads.
- ViewComponents: Modular design for Sidebar, Popular Posts, and Tag Cloud.
- State Management: Visual badges for content status (Published/Draft) and user roles.
- Rich Text Editor: Integrated TinyMCE for HTML-formatted blog post creation.
- File Management: Server-side image upload handling via `IFormFile`.
- Dynamic Filtering: Content filtering by Tags or Categories via URL routing.
This section demonstrates the Hierarchical Security System implemented in v2.0.
The most critical security feature: Moderators cannot create Admins. The system dynamically renders the UI based on privileges.
| Admin Perspective (Full Control) | Moderator Perspective (Restricted) |
|---|---|
| Admin can see and assign 'Admin' & 'Moderator' roles. | Critical roles are HIDDEN and backend-protected. |
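
Hiding the "Admin" checkbox does not stop a Moderator from posting that role name by hand, so the server has to re-check every submitted role. The sketch below is an added example, not code from the TechBlog repository: `RoleAssignmentPolicy` and `CanApply` are hypothetical names, and it goes one step beyond the rule stated above by also refusing to let a Moderator revoke a privileged role.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper (not from the TechBlog repository): decides server-side
// whether the acting user may apply a posted set of roles to a target user.
public static class RoleAssignmentPolicy
{
    // Roles only an Admin may grant or revoke (role names taken from the README).
    private static readonly HashSet<string> Privileged =
        new(StringComparer.OrdinalIgnoreCase) { "Admin", "Moderator" };

    public static bool CanApply(ClaimsPrincipal actor, IEnumerable<string> currentRoles,
                                IEnumerable<string> requestedRoles, out string reason)
    {
        reason = "";
        if (actor.IsInRole("Admin")) return true;   // Admin: full access
        if (!actor.IsInRole("Moderator"))
        {
            reason = "Only Admins and Moderators may edit roles.";
            return false;
        }

        // Roles whose membership would change: granted or revoked by this request.
        var changed = new HashSet<string>(currentRoles, StringComparer.OrdinalIgnoreCase);
        changed.SymmetricExceptWith(requestedRoles);

        var blocked = changed.Where(r => Privileged.Contains(r)).ToList();
        if (blocked.Count == 0) return true;

        reason = "Moderator may not change: " + string.Join(", ", blocked);
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: a Moderator submits the form with the hidden
        // "Admin" checkbox forced on for a target who currently holds "User".
        var moderator = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.Role, "Moderator") }, "TestAuth"));

        bool ok = RoleAssignmentPolicy.CanApply(
            moderator, new[] { "User" }, new[] { "User", "Admin" }, out var why);
        Console.WriteLine($"allowed={ok} reason={why}");
    }
}
```

In a controller, a check like this would run before any call to `UserManager.AddToRolesAsync` or `RemoveFromRolesAsync`, with the current roles read from `UserManager.GetRolesAsync` rather than from the posted form.
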
| Secure Login Interface | Role Management (Admin Only) |
|---|---|
| Customized Identity forms. | Admins can manage system roles. |
Responsive home page with pagination infrastructure.
TinyMCE editor and file upload mechanism.
Comments load and submit asynchronously.
To run this project locally, follow these steps:
- Clone the repository:

  ```bash
  git clone https://github.com/mehmetyesildev/TechBlog-AspNetCore-CMS.git
  ```

- Configure Database:
  Update the "ConnectionStrings" in `appsettings.json` to match your local SQL Server instance.
- Update Database:
  Open a terminal in the project directory and run:

  ```bash
  dotnet ef database update
  ```

- Run the Application:

  ```bash
  dotnet run
  ```

- Developer: Mehmet Yeşil






