Add Azure Blob Storage Gen2 (ADLS HNS) support to BlobFileStore

[Skrypt]

Make BlobFileStore adaptive: it now auto-detects whether the storage account has Hierarchical Namespace (HNS) enabled and uses native DataLake APIs for atomic moves, real directories, and efficient listing when available. Falls back to standard flat-namespace blob operations otherwise. HNS detection can be overridden via configuration.

• Add IFileStoreCapabilities interface and FileStoreCapabilities impl
• Add GetFilesAsync, GetDirectoriesAsync, Capabilities to IFileStore
• Add UseHierarchicalNamespace option to BlobStorageOptions
• Add Azure.Storage.Files.DataLake package dependency
• Add MediaCreatedFileAsync and MediaCopiedFileAsync event hooks

Storage Capabilities in the Vue 3 Media App

The Vue app fetches capabilities — but only for display

The frontend calls a dedicated GetCapabilities API endpoint exposed by MediaApiController:

[HttpGet]
[Route("GetCapabilities")]
public async Task<ActionResult<FileStoreCapabilitiesDto>> GetCapabilities()
{
        return Ok(new FileStoreCapabilitiesDto
        {
            StorageName = _mediaFileStore.StorageName,
            HasHierarchicalNamespace = _mediaFileStore.Capabilities.HasHierarchicalNamespace,
            SupportsAtomicMove = _mediaFileStore.Capabilities.SupportsAtomicMove,
        });
}

The Vue app retrieves this via FileDataService.getCapabilities() and a useStoragePopover composable shows it in a UI popover (storage provider name, quota, capabilities). However, it does not use the flags to conditionally change UX behavior — there is no "if supportsAtomicMove then show rename, else show copy" logic.

All operations go through separate, unified API endpoints that adapt server-side

The Vue app calls the same endpoints regardless of storage backend:

Vue Operation	API Endpoint	Server-side adaptation
Rename file	POST /api/media/MoveMedia	Backend calls atomic RenameAsync or copy-then-delete
Move file	POST /api/media/MoveMedia	Same — rename is treated as a move
Copy file	POST /api/media/CopyMedia	Backend uses blob copy or File.Copy
Bulk move	POST /api/media/MoveMediaList	Backend loops, each adapts per storage
Create folder	POST /api/media/CreateFolder	Backend creates real dir or marker file
Delete folder	POST /api/media/DeleteFolder	Backend does recursive delete or enumerate-and-delete
Delete file	POST /api/media/DeleteMedia	Unified
Bulk delete	POST /api/media/DeleteMediaList	Unified

Conclusion

The Vue app uses a single set of API endpoints — it does not branch its UX based on capabilities. All the adaptation happens server-side in DefaultMediaFileStore, which delegates to the underlying IFileStore implementation. The capabilities are surfaced to the user purely as informational (shown in a storage popover), not to drive conditional frontend behavior.

This is the right pattern — the frontend stays simple and the storage abstraction handles the differences transparently.

TODO

• Implement a set of integration tests against BlobFileStore (Gen 1 and Gen2) with Azurite
• Azurite needs to support ADSL; see: ADSL Gen 2 Azure/Azurite#2635

[Piedone]

I'll try to review this over the weekend.

[Piedone]

Will #14256 use the new APIs for better UX?

[Piedone]

Same concerns for this being in OrchardCore.Tests as under #19015 (comment).

[Piedone]

This and DeleteDirectory_WithNestedSubdirectories_DeletesAll fails for me in the Gen1 tests with an actual storage account in Azure.

[Skrypt]

That would mean that Azurite is not emulating properly for Gen 1. I'll take a look.

[Skrypt]

We should not test this with Gen 1 storage simply.

[Piedone]

Add a sample for this into the Web project's appsettings and here, with an explanation on when would you set what (my understanding is that usually, you wouldn't need to set this): https://docs.orchardcore.net/en/latest/reference/modules/Media.Azure/#configuration

[Skrypt]

It's an escape hatch for two edge cases where auto-detection doesn't work:

SAS tokens — GetAccountInfoAsync() requires storage account-level permissions. A SAS token scoped to a container won't have them, so the detection call fails and falls back to flat-namespace. If the account is actually Gen2/HNS, the user needs to set UseHierarchicalNamespace: true to force the correct behavior.

Local emulators (Azurite) — Azurite doesn't implement the GetAccountInfo endpoint, so detection always fails. Combined with the separate DfsEndpoint option, this lets dev environments opt-in to HNS simulation without a real Azure account.

Without the override, there'd be no way to use HNS-dependent features (atomic moves, real directory ops) in either of those scenarios.

[Piedone]

OK then, please document this.

[Skrypt]

done

[Piedone]

Sync-over-async is not the best, can this be done better?

[Skrypt]

fixed

[Piedone]

Do this in the other file stores too, at least to set StorageProvider. And FileSystemStore has HasHierarchicalNamespace and SupportsAtomicMove too.

[Skrypt]

No. AwsFileStore and FileSystemStore don't override Capabilities at all — they inherit the interface default (FileStoreCapabilities.Default), which returns all-false. That means:

FileSystemStore — the local filesystem doesn't need HNS detection; it just uses regular directory semantics, so Default (flat, no atomic move) is correct.
AwsFileStore — S3 is flat-namespace only (no HNS concept), so Default is also correct.
The EnsureCapabilitiesAsync pattern is specific to BlobFileStore because Azure Blob Storage has two distinct modes (Gen1 flat vs Gen2 HNS/ADLS) that need to be detected at runtime by calling the Azure API. The other stores don't have that ambiguity — their capabilities are statically known.

[Piedone]

Now you removed StorageProvider so that's not needed but I don't see why you wouldn't want to set the other two for FileSystemStore. You added this to describe capabilities of the provider to consumers, so they can e.g. optimize the UX, right? (In addition to this being not just nice to have, but necessary to distinguish between Gen1 and 2 Blob Storage). The local file system definitely has both a hierarchical namespace and supports atomic moves (two things that Gen2 mimics from a standard file system), so it shouldn't use FileStoreCapabilities.Default.

Now, if you actually meant IFileStoreCapabilities to be specific to BlobFileStore, then it shouldn't be a type in the general OrchardCore.FileStorage, nor should it be exposed via the general IFileStore interface.

Also, I'd ask you to please check AI answers instead of copying them to replies. I'm conversing with you, if I want to ask Copilot, I'll do that directly.

[Skrypt]

I will take a look at if we can do this better. There is an assumption you are doing that the UX will be different on the Media Gallery that you should not do. I can explain in details by showing you on a call because it is not changing the way the new Media Gallery will behave for different reasons. I see that you are trying to see the whole things altogether here.

I will rethink how this part can be done here if we can make it more self explanatory through code. Though the code should only affect the server side behaviors.

[Skrypt]

As for the Copilot/AI comment, I'm simply just trying to save time. The answer was accurate as this is how the current server side code works. If we want to support atomic move on local filestorage then we need to change the way the server side code works and thus changing another provider. Then this would be a different PR.

[Piedone]

Thanks!

Based on the documentation on IFileStoreCapabilities about how these properties are meant to be used, both look like they apply to FileSystemStore.

    /// Gets a value indicating whether the store has a true hierarchical namespace
    /// (i.e. directories are first-class objects, not simulated via path prefixes).

Directories are not simulated via path prefixes but are first-class objects e.g. in NTFS and Ext4.

    /// Gets a value indicating whether the store supports atomic (server-side) move / rename
    /// that does not require a copy-then-delete round-trip.

Same, you can tell a file system to move or rename a file and it won't be a copy.

[Piedone]

I don't think this should have a default. Every provider should set at least StorageProvider.

[Skrypt]

fixed

[Skrypt]

I simplified this. No need to set a StorageProvider but a StorageName now.

[Piedone]

Where do we need this? It's not currently used.

[Skrypt]

agreed, removed

[Skrypt]

I'm changing this configuration to report that the local FileStorage uses HierarchicalNamespace and supports atomic move. It technically should not break any custom implementations.

[github-actions]

This pull request has merge conflicts. Please resolve those before requesting a review.

[Skrypt]

@Piedone Same here, moved everything to a new project and also new GH workflow.

[github-actions]

This pull request has merge conflicts. Please resolve those before requesting a review.

[hishamco]

As we discussed in the latest steering meeting to utilize TestContainers, this closed in favor of #19162