
I am a total newbie to Azure Web Apps and storage, and I need some clarification/confirmation. The main thing to take note of is that my application (described below) requires a folder hierarchy. Blob is out of the question and file share doesn't allow anonymous access unless I use Shared Access Signature (SAS).

Am I understanding Azure storage correctly, it's either you fit into the Azure storage model or you don't?

Can anyone advise how I can achieve what's required by the CMS application as described below by using Blobs?

The only option I see is to find a way to change the CMS application so that it always has the SAS in the URL to every file it requests from storage in order to serve content on my Web App? If so, is it a problem if I set my SAS to expire sometime in the distant future?

https://<appname>.file.core.windows.net/instance1/site1/file1.jpg?<SAS>

Problem with using Blob

So far my understanding is that Blob storage doesn't allow "sub folders" as it's a container that holds unstructured data, therefore I'm unable to use this based on my application (described below) as it requires folder structure.

The problem with using File Share

File share seemed perfect as it allows for folder hierarchy; naturally that's what I've used.

However, no anonymous access is allowed for files stored in file storage, the access needs to be authorised. One way of authorising the access is to create a SAS on a file/share level with Read permission and then using that SAS URL to access the file.

Cannot access Windows azure file storage document

My application

I've created a Linux Web App running an open source CMS application. This application allows creation of multiple websites, with each website's content such as images, docs and multimedia stored on a file server. These files are then served to the website via a defined URL.

The CMS application allows for a setting of the location where it should save its files; this would be a folder on the file server. It then creates a new sub folder for every site it hosts in that location.

Example folder hierarchy

/instance1
           /site1
                  /file1
                  /file2
           /site2
                  /file1
                  /file2 
Tom
david-l

2 Answers


Am I understanding Azure storage correctly, it's either you fit into the Azure storage model or you don't?

You can use the Azure Storage Model for your CMS application. You can use either Blob Storage or File Share.

Can anyone advise how I can achieve what's required by the CMS application as described below by using Blobs?

You can use a Data Lake Gen 2 storage account if you want to use Azure Blob Storage.

Data Lake Gen 2 storage enables a hierarchical namespace so that you can use subfolders in the Blob Storage as per your requirements.

Problem with using Blob

Blob Storage allows subfolders if we use a Data Lake Gen 2 storage account. You can enable Blob Public Anonymous access.

The problem with using File Share

Azure File Share supports but does not allow public anonymous access. You can use Azure Managed Identity (System-Assigned) for your web app to access the Azure File Share.

Then your application would be able to access the Azure File Share without a SAS token.

RamaraoAdapa
  • Thank you, I didn't know about Data Lakes. That has solved my issue. – david-l Jan 11 '22 at 23:24
  • I've upgraded my blob storage to Data Lake Gen 2. I've come to mount the drive and I see a note "Mounted Blob containers will become read only in Feb 2020" (https://github.com/Azure/app-service-linux-docs/blob/master/BringYourOwnStorage/mounting_azure_blob.md). This defeats my goal as I need the application to be able to write to the blob. Am I missing anything or is there a way around this? – david-l Jan 12 '22 at 01:47

The issue of not having real folders in a blob storage shouldn't be any issue for your use case. Just because it doesn't have your traditional folders doesn't mean it can't serve content on e.g. instance1/site1/file1. That's still possible but the instance1/site1/ will just be part of the name of the blob.

Tools like the Azure Portal or Storage Explorer will actually show folders by using the delimiter / and querying data that appears to be inside a folder by using the path as prefix.

NotFound
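
The point made in the answer above (folders in Blob storage are only a "/" convention inside blob names), as an added example that is not part of the original answer and is not Azure SDK code: a local Python model of listing a flat namespace by prefix and delimiter. The blob names are constructed, and `list_level` and `walk` are hypothetical helper names.

```python
from typing import Iterable, Iterator, List, Tuple

# Constructed sample: blob names as they would sit in ONE flat container.
BLOB_NAMES = [
    "instance1/site1/file1.jpg",
    "instance1/site1/file2.jpg",
    "instance1/site2/file1.jpg",
    "instance1/site2/docs/manual.pdf",
    "instance1/readme.txt",
]


def list_level(names: Iterable[str], prefix: str = "",
               delimiter: str = "/") -> Tuple[List[str], List[str]]:
    """Return (virtual_folders, blobs) found directly under `prefix`.

    A name whose remainder after `prefix` still contains the delimiter is
    rolled up into one virtual-folder entry; otherwise it is listed as a blob.
    """
    folders, blobs = set(), []
    for name in names:
        if not name.startswith(prefix):  # plain string match, not a path check
            continue
        rest = name[len(prefix):]
        cut = rest.find(delimiter)
        if cut == -1:
            blobs.append(name)
        else:
            folders.add(prefix + rest[: cut + 1])
    return sorted(folders), sorted(blobs)


def walk(names: Iterable[str], prefix: str = "",
         delimiter: str = "/") -> Iterator[Tuple[str, List[str]]]:
    """Yield (folder, blobs) for every virtual folder, depth first."""
    names = list(names)
    folders, blobs = list_level(names, prefix, delimiter)
    yield prefix, blobs
    for folder in folders:
        yield from walk(names, folder, delimiter)


if __name__ == "__main__":
    for folder, blobs in walk(BLOB_NAMES):
        print(folder or "(container root)", blobs)
```

In a flat namespace like this the hierarchy exists only in the names, so anonymous read access enabled on a container applies to every blob in it, whichever site "folder" its name starts with.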