Configure Microsoft Azure storage provider

Microsoft Azure Storage is one of the features of the Microsoft Azure cloud platform. A single Azure subscription may be used to manage multiple storage accounts, the cost for each of which is accumulated to the subscription billing. For more information, see Azure Storage Documentation. To browse and inspect the storage, you can download and use Azure Storage Explorer.

NOTE: You must add '{your_storage_account}.blob.core.windows.net' as trusted source in the Web Security module to ensure communication is not detected as threat and blocked. For more information, see Web security module.

To configure the Azure external storage provider for your Sitefinity CMS libraries, perform the following:

1. In the main menu, click Administration » Settings.
   The Basic Settings page opens.
2. Click Storage providers.
3. To create a new storage provider, click Add storage provider.
   The Add a provider dialog opens.
4. Enter a name for the provider.
5. In Provider type dropdown, select Microsoft Azure.
6. In Account name, enter your Azure storage account name.
   For more information, see Azure Storage Documentation.
7. Enter your Account key or shared access signature (SAS).
   We recommend managing security at container level. A container may be public or private. The content of public containers is publicly visible. The content of private containers is accessible only by either authenticating with an account key or by shared access signature (SAS).
   SAS is a string token (having the format of URL query parameters), which is valid only for a limited period of time and gives access to a single container.
8. Enter a name for the container that will contain the blobs.
   The blob storage is structured as a flat list of containers, each of which is a flat list of blobs. To mimic nested structures, the name of the blob may contain back slashes. An example of a publicly visible URL of a blob can be http://accountname.blob.core.windows.net/containername/blob/name.jpg.
   Sitefinity CMS will use the name that you enter to create a container with general properties that will be used to store the blobs. If you want to use a specific, existing container, you must enter its name.
9. Enter a Public host.
   You can use the Public host setting to override the host and port part of the public library item URLs.
   Use this setting in the following cases:
   • You want to specify a different, custom DNS name for the same site that will be used for the frontend only and will replace the default Azure host.
   • You want to change the protocol.
     The Use SSL for storage management setting affects only the way Sitefinity CMS is connecting to the cloud storage. The frontend URLs always use the HTTP scheme. To change this, you can specify a Public host that matches the account name but uses the HTTPS scheme, for example, https://example.blob.core.windows.net/.
   • You want to use Azure CDN. Because Azure CDN reflects the URL structure of the storage account, by specifying the host name of a CDN endpoint (like az12345.vo.msecnd.net) as Public host, you will make Sitefinity CMS generate frontend URLs that direct the media content downloads to go through the Microsoft CDN.
10. Select Use SSL for storage management checkbox, if you want to specify that Sitefinity CMS will communicate with the storage service using the HTTPS protocol (HTTP over SSL/TLS).
    This setting only affects the management communication - upload, delete, property setting, and other operations done by Sitefinity’s library provider to manage the blob storage. The public URLs that Sitefinity CMS will generate in frontend pages and controls defaults to HTTP, regardless of this setting.
11. To use the local development storage provided by the Azure Storage Emulator part of the Azure SDK for .NET, select the Use local development storage checkbox.
    In this mode, the only required setting is the container name.
12. The Sample blob URL field shows how the URL of a blob, stored with the current settings, would look like.
13. When finished with all the settings, click Test settings.
    It tests the settings by a real attempt to connect, create the container, upload, and delete a small blob.
14. Click Done.
    The storage provider is created and appears in the list of providers.

When creating an Azure storage provider, have in mind the following restrictions:

• Security
  Secured access is not supported by Sitefinity Azure blob storage provider. All containers and blobs that it creates are public. Sitefinity view permissions are only applied to determine the visibility of links and thumbnails in the frontend widgets, but any of the blobs can be downloaded from Azure servers using its public URL. The generation and usage of a shared access signature (SAS) for the frontend pages of Sitefinity CMS is not implemented.

  NOTE: SAS can be used instead of an account key in the basic settings, but this is to protect the account key itself and not the blob data. The SAS key is used when uploading, deleting and relocating blob, and not for the public access.

• Different Draft and Live items
  When a library item is already published and a different media file is uploaded as a draft, Sitefinity CMS will manage two distinct blobs for the same item. You must take note of this when planning storage costs.
• Private cloud storage providers are not configured by default
  To use private cloud storage providers, perform the following:
  1. Navigate to Administration » Settings » Advanced » Libraries » Blob storage » Blob storage providers » Azure » Parameters.
  2. Click Create new.
  3. In Key, enter urlMode.
  4. In Value, enter Internal.
  5. Click Save changes.
     
  The default value is Original, which indicates that it serves the URL from the provider. When you change the value to Internal, the URL is served from Sitefinity CMS.