Many of us, when building apps and systems, don’t realize that where and how you store data is one of the most important decisions. It affects cost, performance, scale — and yes, profit. Whether you’re dealing with structured data (databases, rows & columns) or unstructured data (images, videos, logs, media files), there are tons of storage options — but some just work better than others depending on the situation.
In this post, we’re going to zoom in on Azure Blob Storage, a popular choice for storing unstructured data. Why? Because it scales really well, cost-friendly if used right, and it’s already being used in big stuff. For example:
OpenAI uses Azure Blob Storage (with scaled accounts) to handle massive datasets, checkpoints, and global replication — letting them focus on AI rather than managing storage.
DataCone (via Storware) backs up Exchange, OneDrive, SharePoint into Blob Storage — giving them scalable, secure archival and fast recovery.
So let’s get started
Concept
Azure Blob Storage is Microsoft's cloud-based object storage solution, designed to handle vast amounts of unstructured data. Unlike traditional file systems, Blob Storage allows you to store data such as text, images, videos, backups, and logs in a scalable and cost-effective manner.
🧱Core Components of Azure Blob Storage
Blob Storage is structured around three main components:
Storage Account: The top-level container that provides a unique namespace for your data. It serves as the entry point for accessing all your storage resources.
Container: Within a storage account, containers help organize blobs into a flat namespace, similar to directories in a file system.
Blob: The actual data object stored within a container. Blobs can be of various types, each optimized for specific use cases.
🌐Accessing Blob Storage
You can interact with Azure Blob Storage through various methods:
- HTTP/HTTPS: Access blobs directly over the web.
- Azure Storage REST API: Programmatically manage blobs using RESTful calls.
- Azure CLI & PowerShell: Command-line tools for managing storage resources.
- Azure SDKs: Client libraries available for languages like .NET, Java, Python, and Node.js.
- SFTP & NFS: Secure file transfer and network file system protocols for accessing blobs.
In this we will learn how to interact using .NET
Comparision
📊In the cloud market, two popular storage services are Azure Blob Storage and Amazon S3. Let's compare their features to understand when to use each.
Feature | Azure Blob Storage | Amazon S3 | Why It Matters |
---|---|---|---|
Storage Model | Object storage with containers (blobs) | Object storage with buckets | Both are object storage services, but Azure uses containers while AWS uses buckets. This distinction can influence how you organize and manage your data. |
Storage Costs (per GB/month) | - Hot: $0.018 - Cool: $0.01 - Archive: $0.00135 |
- Standard: $0.023 - Intelligent-Tiering: $0.023 - One Zone-IA: $0.01 - Glacier: $0.004 - Glacier Deep Archive: $0.00099 |
Azure offers competitive pricing, especially for the Cool and Archive tiers. AWS provides a range of options, with Glacier Deep Archive being the most cost-effective for long-term storage. |
Data Transfer Costs (per GB) | - Data In: Free - Data Out: $0.087 |
- Data In: Free - Data Out: $0.09 |
Both platforms offer free data ingress, but Azure's data egress costs are slightly lower, which can be beneficial for data-intensive applications. |
Storage Tiers | Hot, Cool, Archive (account-level tiering) | Standard, Intelligent-Tiering, One Zone-IA, Glacier, Glacier Deep Archive (object-level tiering) | Azure applies storage tiers at the account level, meaning all blobs in a container share the same tier. AWS allows for more granular control, enabling different objects within a bucket to have different storage classes. |
Performance & Scalability | High throughput with up to 20,000 IOPS per storage account; supports up to 500 requests per second per blob | High throughput with support for at least 3,500 PUT and 5,500 GET requests per second per prefix | Both services offer high scalability, but AWS's support for multiple prefixes can enhance performance in high-concurrency scenarios. |
Data Replication | Locally Redundant Storage (LRS), Geo-Redundant Storage (GRS), Read-Access GRS (RA-GRS) | Standard, Intelligent-Tiering, One Zone-IA, Glacier, Glacier Deep Archive (object-level tiering) | Azure provides multiple replication options to ensure data durability and availability. AWS offers similar options but with different configurations and pricing structures. |
Security & Compliance | Advanced threat protection, encryption at rest and in transit, compliance with global standards | Encryption at rest and in transit, access control policies, compliance with global standards | Both platforms offer robust security features, but Azure's integration with Microsoft security tools and services may provide additional benefits for organizations already using Microsoft's ecosystem. |
Access Control | Azure Active Directory (AAD) integration, Shared Access Signatures (SAS) | Identity and Access Management (IAM), Bucket Policies, Access Control Lists (ACLs) | Azure's integration with AAD provides a unified identity management solution, which can simplify access control for organizations using Azure Active Directory. |
Creation
1. Access the Azure Portal
Go to portal.azure.com
2. Create a Storage Account
- In the left menu, select Storage accounts
- Click Create
3. Configure Basic Settings
- Subscription: Choose your active subscription
- Resource Group: Select or create one
- Storage Account Name: Use a unique name (3–24 lowercase letters/numbers)
- Region: Pick your preferred Azure region
- Performance: Choose Standard
- Account Kind: Select StorageV2
4. Set Redundancy
Choose based on durability needs:
Option | Description |
---|---|
LRS | Replicates within one region |
GRS | Replicates to a secondary region |
RA-GRS | Adds read access to secondary region |
ZRS | Replicates across availability zones |
GZRS | Combines ZRS + GRS |
RA-GZRS | Adds read access to GZRS |
5. Configure Advanced Settings
- Access Tier: Hot, Cool, or Archive
- Secure Transfer Required: Enable
- Hierarchical Namespace: Enable for Data Lake Gen2
6. Review and Create
- Review all settings
- Click Create to provision the storage account
Your Account is Created
🔐 Enable SFTP Access
- Go to your Storage Account
- Under Settings, select SFTP
- Toggle Enable SFTP to Enabled
- Click Save
- Under SFTP settings, click Add user
- Provide a username and assign permissions
- Click Save to create the user
💸 SFTP Cost Analysis
Item | Cost Estimate |
---|---|
Hourly | $0.30/hour |
Monthly | ~$216 if enabled 24/7 |
Billing Note | Charges apply even without usage |
- Charges begin as soon as SFTP is enabled, regardless of whether data is transferred.
- Costs can accumulate quickly if left running continuously.
✅ When to Use SFTP in Azure Blob Storage
SFTP (Secure File Transfer Protocol) is ideal when:
- You need to integrate legacy systems that rely on SFTP for file exchange.
- You want to migrate data securely from on-premises to Azure without rewriting existing tools.
- You’re working with third-party vendors who require SFTP access for uploads/downloads.
⚠️ Best Practices to Optimize Cost
- Enable SFTP only when actively needed
- Disable SFTP when idle to avoid unnecessary charges
- Monitor usage and billing regularly in the Azure Portal
Implementation
Let Understand it's integration with .net and how we can store the file
Access & Configuration Setup in .NET
Before writing blob code, you need to configure how your .NET application will access Azure Blob Storage—this includes credentials, app settings, and dependency injection.
🔐 a) Store Your Connection Info (or Use Identity)
You have a few options to authenticate your .NET app with Azure Blob Storage.
🔑 Connection String / Account Key
Store the connection string in appsettings.json, environment variables, or Azure App Service settings.
{
"ConnectionStrings": {
"AzureBlob": "DefaultEndpointsProtocol=https;AccountName=yourAccount;AccountKey=yourKey;EndpointSuffix=core.windows.net"
}
}
🛡️ Managed Identity / Azure AD / TokenCredential
For better security, use Azure AD or Managed Identity (especially if hosted in Azure). This avoids storing secrets in config.
⚙️ Using Microsoft.Extensions.Azure Helpers
If you're using ASP.NET Core or a generic host, register BlobServiceClient via DI:
builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddBlobServiceClient(builder.Configuration.GetSection("Azure:Storage:Blob"));
});
Then inject BlobServiceClient wherever needed.
🧩 b) Wiring in Program.cs / Startup
In a typical ASP.NET Core app:
var builder = WebApplication.CreateBuilder(args);
// Bind configuration
builder.Services.AddControllers();
// Register Blob client via DI
builder.Services.AddAzureClients(clients =>
{
clients.AddBlobServiceClient(builder.Configuration.GetSection("Azure:Storage:Blob"));
});
var app = builder.Build();
app.Run();
appsettings.json Example
{
"Azure": {
"Storage": {
"Blob": {
"ConnectionString": "DefaultEndpointsProtocol=https;AccountName=...;AccountKey=...;EndpointSuffix=core.windows.net"
}
}
}
}
Injecting the Client
public class MyService
{
private readonly BlobServiceClient _blobServiceClient;
public MyService(BlobServiceClient blobServiceClient)
{
_blobServiceClient = blobServiceClient;
}
// ...
}
📦 Storage / Blob Operations in .NET
Once access is configured, here are common ways to store and manage blobs.
🧱 a) Basic Operations: Upload, Download, List, Delete
Using Azure.Storage.Blobs SDK (v12+):
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
public async Task UploadFileAsync(string containerName, string localFilePath)
{
BlobContainerClient container = _blobServiceClient.GetBlobContainerClient(containerName);
await container.CreateIfNotExistsAsync(PublicAccessType.None);
string fileName = Path.GetFileName(localFilePath);
BlobClient blob = container.GetBlobClient(fileName);
await blob.UploadAsync(localFilePath, overwrite: true);
}
public async Task DownloadFileAsync(string containerName, string blobName, string downloadPath)
{
BlobContainerClient container = _blobServiceClient.GetBlobContainerClient(containerName);
BlobClient blob = container.GetBlobClient(blobName);
await blob.DownloadToAsync(downloadPath);
}
public async Task<List<string>> ListBlobsAsync(string containerName)
{
BlobContainerClient container = _blobServiceClient.GetBlobContainerClient(containerName);
var names = new List<string>();
await foreach (BlobItem item in container.GetBlobsAsync())
{
names.Add(item.Name);
}
return names;
}
public async Task DeleteBlobAsync(string containerName, string blobName)
{
BlobContainerClient container = _blobServiceClient.GetBlobContainerClient(containerName);
BlobClient blob = container.GetBlobClient(blobName);
await blob.DeleteIfExistsAsync();
}
🚀 Advanced Storage Patterns in Azure Blob Storage
Depending on your scenario, Azure Blob Storage offers multiple blob types and access strategies. Here's a breakdown:
🧱 Blob Types
Blob Type | Use Case |
---|---|
Block Blobs | Default type. Ideal for storing files, documents, images, and backups. |
Append Blobs | Optimized for append-only operations like logging or telemetry data. |
Page Blobs | Supports random read/write access. Used for virtual hard disks (VHDs) and VM disks. |
🔐 Access Strategies
Strategy | Purpose |
---|---|
SAS Tokens | Generate scoped, time-limited access for clients without exposing account keys. |
Streaming Uploads | Upload directly from memory, streams, or web requests—no need for local files. |
Chunked Uploads | Upload large files in blocks for better performance and reliability. |
🧰 Example Use Cases
- Block Blob: Uploading user profile images or PDFs
- Append Blob: Writing logs from a web app or IoT device
- Page Blob: Hosting a VHD for an Azure VM
- SAS Token: Sharing a file securely with a third party
- Streaming Upload: Saving a file from an HTTP request directly to blob
- Chunked Upload: Handling 5GB+ video files with retry logic
🧾 Final Thoughts
This is one way to integrate Azure Blob Storage in .NET. Depending on your app type (web, console, microservice), hosting environment (Azure App Service, AKS, VM), and security needs, you can adapt the approach.
There are many ways to do this—what matters is choosing the right one for your scenario.
Thanks for reading! 🙌
Let me know in the comments how you’re using Blob Storage in your projects or if you’d like a follow-up on performance tuning, SAS tokens, or Data Lake Gen2.
Let me know if you'd like help turning this into a downloadable guide or adding diagrams for architecture and flow. You're building a solid technical resource!
Top comments (2)
Clear Azure Blob Storage guide with S3 context, SFTP costs, and .NET—thanks!
A proper guide to Azure Blob Storage, from beginner to advanced level. Thanks..!
Keep going 🙌