diff --git a/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs b/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs
index f77e25f570a..e73dc334daf 100644
--- a/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs
+++ b/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs
@@ -11,7 +11,6 @@ public static class Blogs
             public const string Delete = Default + ".Delete";
             public const string Update = Default + ".Update";
             public const string Create = Default + ".Create";
-
         }
 
         public static class Posts
diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
index 32b31da23a3..0ff7bc46cc2 100644
--- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
+++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
@@ -5,7 +5,6 @@
 using Microsoft.AspNetCore.Authorization;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Guids;
-using Volo.Abp.Users;
 using Volo.Blogging.Comments.Dtos;
 using Volo.Blogging.Posts;
 using Volo.Blogging.Users;
@@ -81,7 +80,7 @@ private async Task<List<CommentWithDetailsDto>> GetListOfPostAsync(Guid postId)
                 ObjectMapper.Map<List<Comment>, List<CommentWithDetailsDto>>(comments));
         }
 
-        //[Authorize(BloggingPermissions.Comments.Create)] TODO: Temporary removed
+        [Authorize]
         public async Task<CommentWithDetailsDto> CreateAsync(CreateCommentDto input)
         {
             var comment = new Comment(_guidGenerator.Create(), input.PostId, input.RepliedCommentId, input.Text);
@@ -91,6 +90,7 @@ public async Task<CommentWithDetailsDto> CreateAsync(CreateCommentDto input)
             return ObjectMapper.Map<Comment, CommentWithDetailsDto>(comment);
         }
 
+        [Authorize]
         public async Task<CommentWithDetailsDto> UpdateAsync(Guid id, UpdateCommentDto input)
         {
             var comment = await _commentRepository.GetAsync(id);
@@ -104,6 +104,7 @@ public async Task<CommentWithDetailsDto> UpdateAsync(Guid id, UpdateCommentDto i
             return ObjectMapper.Map<Comment, CommentWithDetailsDto>(comment);
         }
 
+        [Authorize]
         public async Task DeleteAsync(Guid id)
         {
             var comment = await _commentRepository.GetAsync(id);
diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs
index 6d7b23e8c64..8799b4e0d01 100644
--- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs
+++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs
@@ -13,11 +13,6 @@
 
 namespace Volo.Blogging.Posts
 {
-    /* TODO: Custom policy with configuration.
-     * We should create a custom policy to see the blog as read only if the blog is
-     * configured as 'public' or the current user has the related permission.
-     */
-    //[Authorize(BloggingPermissions.Posts.Default)]
     public class PostAppService : ApplicationService, IPostAppService
     {
         protected IBlogUserLookupService UserLookupService { get; }
@@ -256,14 +251,13 @@ private List<string> SplitTags(string tags)
             return new List<string>(tags.Split(",").Select(t => t.Trim()));
         }
 
-        private async Task<List<PostWithDetailsDto>> FilterPostsByTag(List<PostWithDetailsDto> allPostDtos, Tag tag)
+        private Task<List<PostWithDetailsDto>> FilterPostsByTag(List<PostWithDetailsDto> allPostDtos, Tag tag)
         {
             var filteredPostDtos = new List<PostWithDetailsDto>();
-            var posts = await _postRepository.GetListAsync();
 
             foreach (var postDto in allPostDtos)
             {
-                if (!postDto.Tags.Any(p => p.Id == tag.Id))
+                if (postDto.Tags.All(p => p.Id != tag.Id))
                 {
                     continue;
                 }
@@ -271,7 +265,7 @@ private async Task<List<PostWithDetailsDto>> FilterPostsByTag(List<PostWithDetai
                 filteredPostDtos.Add(postDto);
             }
 
-            return filteredPostDtos;
+            return Task.FromResult(filteredPostDtos);
         }
     }
 }
diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs
index 473a8698dfd..0e6e75e0716 100644
--- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs
+++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs
@@ -2,17 +2,11 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
 using Volo.Abp.Application.Services;
 using Volo.Blogging.Tagging.Dtos;
 
 namespace Volo.Blogging.Tagging
 {
-    /* TODO: Custom policy with configuration.
-     * We should create a custom policy to see the blog as read only if the blog is
-     * configured as 'public' or the current user has the related permission.
-     */
-    //[Authorize(BloggingPermissions.Tags.Default)]
     public class TagAppService : ApplicationService, ITagAppService
     {
         private readonly ITagRepository _tagRepository;
@@ -28,7 +22,6 @@ public async Task<List<TagDto>> GetPopularTags(Guid blogId, GetPopularTagsInput
                 .WhereIf(input.MinimumPostCount != null, t=>t.UsageCount >= input.MinimumPostCount)
                 .Take(input.ResultCount).ToList();
 
-
             return new List<TagDto>(
                 ObjectMapper.Map<List<Tag>, List<TagDto>>(postTags));
         }