Quick start
BlobBridge is a SharePoint SPFx web part that surfaces customer-owned Azure Blob Storage containers inside SharePoint using a document-library-style interface.
- Upload BlobBridge.sppkg to the SharePoint App Catalog and deploy it.
- Add the BlobBridge web part to a modern SharePoint page.
- Upload BlobBridge.lic to a SharePoint library that viewers can read.
- Configure the web part with Storage URL, Container, SAS token and licence folder path.
- Publish the page and test browsing, downloading and any enabled write actions.
New installation
1. Prepare Azure Blob Storage
- Create or choose the storage account and blob container.
- Keep files in the customer's Azure Blob Storage account. BlobBridge does not host customer files.
- Configure CORS before testing from SharePoint.
2. Generate a SAS token
BlobBridge can use any valid SAS token that grants the permissions required for the intended actions. Read/List is enough for read-only archive access. Add Create/Write for uploads and overwrite scenarios. Add Delete only where deletion is required.
3. Deploy the SharePoint package
Upload BlobBridge.sppkg to the tenant or site collection App Catalog and approve deployment. Add the BlobBridge web part to a modern SharePoint page.
4. Configure and publish
Open the web part properties, enter the storage and licence settings, then publish the page. SharePoint page permissions and audience targeting control who can see the page or web part. Actual blob access capability is governed by the configured SAS token permissions.
Update BlobBridge
Existing customers update by uploading the new BlobBridge .sppkg package over the existing BlobBridge package in the SharePoint App Catalog.
- Existing web part instances should normally update automatically.
- If a site does not pick up the update, go to Site contents, open the BlobBridge app entry and choose Update.
- No file migration is required. Files remain in Azure Blob Storage.
Configuration options
| Property | Description | Example |
|---|---|---|
| Storage URL | Base URL of the storage account. | https://mystore.blob.core.windows.net |
| Container | Name of the blob container. | archive |
| SAS token | SAS token used by this web part instance. | ?sv=2024-... |
| Licence folder path | Full URL to the folder containing BlobBridge.lic. | https://tenant.sharepoint.com/sites/apps/SiteAssets |
| Open/download behaviour | Choose default browser behaviour or Prefer download. | Default browser behaviour |
| Overwrite handling | Choose how uploads behave when a file name already exists. | Prompt or overwrite, based on configuration |
SAS permissions and actions
| Intended action | Required SAS permissions | Notes |
|---|---|---|
| Browse folders and list files | Read/List | Use this for read-only archive access. |
| Download files | Read/List | Users do not need Azure portal access. |
| Upload local files or SharePoint-selected files | Create/Write plus Read/List | SharePoint file picker upload sends selected files into Azure Blob Storage. |
| Overwrite existing files | Write plus Read/List | Use optional overwrite handling to control the user flow. |
| Delete files | Delete plus Read/List | Only include Delete where deletion is intended. |
Separate groups can use separate SharePoint pages, page permissions, audience targeting or separate BlobBridge web part instances. SharePoint controls who can see the page or web part. The configured SAS token controls what actions are possible against the Azure Blob container.
CORS guidance
Azure Storage CORS must allow requests from the SharePoint tenant domain where BlobBridge is used, such as https://yourtenant.sharepoint.com. Required methods depend on enabled actions, such as listing/downloading, uploading and deletion.
- For testing, some teams temporarily use broader origins or headers, then narrow them before production.
- For production, restrict allowed origins to the SharePoint domains where BlobBridge pages are hosted.
- If browsing works but upload or delete fails, confirm the CORS methods match the actions you enabled.
SAS renewal and rotation
BlobBridge uses the SAS token configured for each web part instance. If the token expires, the web part configuration needs to be updated with a new valid SAS token.
SAS token rotation can be fully automated by your own scripting or deployment process. The automation generates the new token and updates the BlobBridge web part configuration in SharePoint, so users continue accessing the same SharePoint page while the configured token is refreshed behind the scenes.
The rotation process can use tooling such as PnP PowerShell, Microsoft Graph, SharePoint scripting, Azure CLI, Azure Automation, CI/CD or another controlled deployment process. If automation is not in place, an administrator can also update the token manually by editing the SharePoint page, updating the BlobBridge web part properties and publishing the page. BlobBridge does not need a custom token service for this model to work.
Trial setup
The trial uses the current BlobBridge package. It can list and display files so you can validate setup. Write actions are blocked in the trial.
- Download BlobBridge.Trial.sppkg from the trial page.
- Upload it to the SharePoint App Catalog and deploy it.
- Add the BlobBridge Trial web part to a modern page.
- Configure Storage URL, Container and a read/list SAS token.
FAQ
Does BlobBridge replace SharePoint document libraries?
No. BlobBridge is not a full SharePoint document library replacement. It is designed to provide SharePoint-based access to blob-stored files where cost, scale or archive access makes SharePoint storage less suitable.
Does BlobBridge store customer files?
No. Files remain in the customer's Azure Blob Storage account. BlobBridge does not store or host customer files.
Do users need Azure portal access?
No. Users access blob-stored files from SharePoint. Their available actions are governed by the configured SAS token permissions.
Do I need one licence per user or site?
No. One BlobBridge licence covers one Microsoft 365 tenant, with unlimited users and unlimited SharePoint sites.
Can users upload SharePoint files into BlobBridge?
Yes. BlobBridge supports SharePoint file picker upload, allowing users to select files from SharePoint and upload them into Azure Blob Storage when the configured SAS token permits upload.
Can files open in the browser instead of downloading?
BlobBridge includes configuration options for file opening and download behaviour, using default browser behaviour or Prefer download.
Can BlobBridge handle large containers?
BlobBridge includes paged loading with Load more for larger folders. Actual performance still depends on container structure, browser conditions, network conditions and Azure Storage responses.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
| Files do not list | Expired SAS, missing Read/List, wrong container or CORS issue. | Validate container name, SAS expiry, Read/List permissions and CORS origin. |
| Upload fails | SAS token does not include Create/Write or CORS methods do not allow upload. | Use a valid SAS token with the required permissions and review CORS. |
| Delete fails | SAS token does not include Delete. | Only add Delete if deletion is intended for that web part instance. |
| Token expired | The configured SAS token is no longer valid. | Edit the page, update the BlobBridge SAS token property and publish. |
| Site still shows the older version | The site has not picked up the updated app package. | Go to Site contents, open the BlobBridge app entry and choose Update. |