I wasn’t planning on writing another blog post until the Blog Admin area was complete, but I’ve made so many changes recently that it felt necessary to document the progress. These improvements go beyond simple feature additions—they focus on refining the structure, strengthening security, and making the application easier to manage.

The biggest updates include moving from Razor Pages to MVC, expanding identity management, introducing a dedicated administration area, implementing role management, adding auditing, and improving logging. Each of these plays a crucial role in making the platform more scalable, secure, and user-friendly.

Moving to MVC for a More Structured Application

When I started this project, I used Razor Pages for much of the administrative functionality. While Razor Pages work well for simple apps, they became difficult to manage as the application grew. Managing complex workflows, reusing components, and structuring the project efficiently became more challenging.

I decided to migrate everything to MVC because it provides a better separation of concerns. The logic, presentation, and data access layers are kept distinct, making the application more modular and maintainable. This move also aligns with industry best practices and allows for faster, more efficient development.

I kept the Identity UI as Razor Pages, following Microsoft's recommendation. However, for everything else, switching to MVC made the project cleaner and easier to manage.

Expanding Identity and Adding User Management

Identity management is crucial for any secure application. Initially, the identity system was fairly basic, but I needed to enhance it for better user management and authentication.

I expanded the identity model to include first name, last name, profile picture, and a "Require Password Change" feature. This improves personalization and security, ensuring users can be properly identified and prompted to update their credentials when necessary.

Alongside these changes, I built a new user management system in the admin area. This allows me to view and manage users directly within the application, eliminating the need for database queries or external tools.

Building an Administration Area for Easier Management

As the project grew, manually updating configuration files was no longer practical. I created a dedicated administration area where I can easily modify key system settings.

This admin panel allows for enabling maintenance mode, controlling user registration settings, and adjusting various application preferences. Instead of making database edits, I now have a structured interface to manage the site in real time.

Implementing Role Management and Auditing

With an improved identity system in place, I needed a better way to control user access. Role-based access control (RBAC) allows users to be assigned roles that define what they can and cannot do.

I built a role management system in the admin area, giving me the ability to assign and modify roles dynamically. Now, access permissions can be updated without requiring code changes, making the system more flexible and secure.

In addition, I introduced auditing to track key changes in the system. Important database tables now include created and modified timestamps, as well as records of who made changes. Instead of permanently deleting data, records are now soft deleted, allowing for better historical tracking.

Enhancing Logging for Better Oversight

Security isn't just about controlling access—it’s also about monitoring activity. I implemented a logging system that provides better insight into application events, errors, and security-related actions.

A dedicated logging panel in the admin area allows me to review logs in real time, helping with troubleshooting, security monitoring, and performance optimization.

Reflections and Next Steps

These updates bring my application closer to becoming a scalable and secure platform. Moving to MVC improves maintainability, expanding identity strengthens user management, adding role controls enforces security, and implementing logging and auditing enhances oversight.

Looking ahead, I plan to refine the user management system, expand the blog functionality, and optimize performance by improving database queries and caching mechanisms.

Thanks for following along, and I’ll be back with more updates soon!