Configure external storage providers for libraries

Sitefinity CMS built-in database and file system storage providers are referred to as internal blob storage providers, because, when you use them, the data is kept within the website deployment environment. External storage providers are the ones that keep the blob data in an external data storage infrastructure, for instance cloud storage providers. Sitefinity CMS supports out of the box configuration for Microsoft Azure Storage and Amazon S3 cloud storage providers, as well as integration with custom external storage providers.

External blob storage considerations and restrictions


When you use external blob storage, have in mind the following:

  • Thumbnail generation
    Unlike the File system and Database storage providers, where the image, or video thumbnail gets generated automatically, when using an external blog storage provider, you must manually regenerate the thumbnails. For more information see Thumbnails.
  • Time consumption
    Moving library items between libraries that use external blob storage providers may be a long operation. For instance, moving from a library using a file system provider to a library using an external storage provider, requires uploading the data to the cloud. Similarly, moving from one external storage provider library to another may require transferring the data from one cloud storage server to another. Renaming a blob on Azure causes the creation of a new one and the deletion of the old one.
  • Costs
    Have in mind that many of the operations with the cloud storage cost money. Storage, traffic, and transactions are charged, so plan carefully and try to reduce the operations to the minimum.
  • Failure of infrastructure
    One of the main benefits of the cloud services is their scalability, but in the cloud, hardware, network, and software do fail or are too busy at times. To recover its operations, a cloud infrastructure uses a retry policy.
  • Web Security module
    If you activated the Web security module and have images or other media on your website that are served from another domain like Azure or Amazon Web Services, you must add the domain names in the module’s HTTP response headers. To do so:
    1. Navigate to Administration » Settings » Advanced.
    2. In the tree on the left, expand WebSecurity » HttpSecurityHeaders » ResponseHeaders.
    3. Under Content Security Policy, for images add the domain next to the img-src headers and for videos – next to the media-src header.
    For more information, see Web security module.


When creating an external storage provider have in mind the following restrictions:

  • Security
    Secured access is not supported by Sitefinity CMS external blob storage providers. All containers and blobs that it creates are public. Sitefinity CMS view permissions are only applied to determine the visibility of links and thumbnails in the frontend widgets, but any of the blobs can be downloaded from the the cloud storage provider servers using its public URL. The generation and usage of a shared access signature (SAS) for the frontend pages of Sitefinity CMS is not implemented.

    NOTE: SAS can be used instead of an account key in the basic settings, but this is to protect the account key itself and not the blob data. The SAS key is used when uploading, deleting and relocating blob and not for the public access. 

  • Different Draft and Live items
    When a library item is already published and a different media file is uploaded as a draft, Sitefinity CMS will manage two distinct blobs for the same item. You must take note of this when planning storage costs.


Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?