Reputation: 11
I am developing a WebAPI service using ASP.NET Core 5.
I am using JWT Token for authentication on each request if the users are logged in. For the client side, I am using Next.js.
I am looking for a way to save frequently used data like User (userId, email, username, role) without tripping to the DB.
I have done deep research but most of the answers look outdated.
Some of the alternatives I looked
Upvotes: 0
Views: 474
Reputation: 5977
This is a highly subjective topic, but here is my two cents:
Packing your JWT with data is insecure (as you point out) and also will bloat your traffic if you are passing a very large JWT with each request. You can overcome the first issue (security) by looking into JWE (JSON Web Encryption) -- which is just encrypting the JWT. But the bloat issue will remain depending on how much info you want in there and there is overhead associated with the encryption/decryption process.
Caching is the classic solution to your problem, and Redis is one of the most common implementations (and easier if you're hosting on Azure). Using a hosted Redis cache simplifies this process if you can handle the expense (which largely depends on how much data you are caching and client connection count). This is going to be more scalable if you need to add more data to be cached in the future or change out what data is cached.
Upvotes: 1
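The caching approach from the answer above, sketched as an added example that is not part of the original posts: a cache-aside lookup over `IDistributedCache` that keys the entry on the user id from the already validated JWT and keeps the lifetime short so a changed role does not stay in effect. `UserInfo`, `IUserStore`, `CachedUserLookup`, the `user:` key prefix and the 5-minute TTL are hypothetical; it assumes a Redis-backed `IDistributedCache` is registered and that the token's subject is mapped to `ClaimTypes.NameIdentifier`.

```csharp
#nullable enable
using System;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.Extensions.Caching.Distributed;

// Hypothetical types for this example; the fields are the ones the question lists.
public record UserInfo(string UserId, string Email, string Username, string Role);

public interface IUserStore // hypothetical database access layer
{
    Task<UserInfo?> FindByIdAsync(string userId);
}

public class CachedUserLookup
{
    // Assumed value: a short lifetime bounds how long a stale role can be served.
    private static readonly TimeSpan Ttl = TimeSpan.FromMinutes(5);
    private readonly IDistributedCache _cache;
    private readonly IUserStore _store;

    public CachedUserLookup(IDistributedCache cache, IUserStore store)
    {
        _cache = cache;
        _store = store;
    }

    private static string Key(string userId) => "user:" + userId;

    public async Task<UserInfo?> GetAsync(ClaimsPrincipal principal)
    {
        // The id is taken only from the validated token, never from request input.
        var userId = principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(userId)) return null;

        var cached = await _cache.GetStringAsync(Key(userId));
        if (cached != null) return JsonSerializer.Deserialize<UserInfo>(cached);

        var user = await _store.FindByIdAsync(userId); // cache miss: one DB read
        if (user == null) return null;                 // unknown ids are not cached

        await _cache.SetStringAsync(Key(userId), JsonSerializer.Serialize(user),
            new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = Ttl });
        return user;
    }

    // Call whenever role, email or username changes so authorization data is refreshed.
    public Task InvalidateAsync(string userId) => _cache.RemoveAsync(Key(userId));
}
```

The token then only needs to carry the user id, and a role change takes effect on the next request after `InvalidateAsync` rather than when the token expires.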