@CoderForHire Thank you for the security reminder - you're absolutely right! I'm already getting the UserId from the server-side JWT token via IHttpContextAccessor, never from client input. That was a concern I had from the beginning.
And your question: "What would you use the navigation entities for?"
The user information (CreatedBy/ModifiedBy names) is displayed in:
+ product detail pages - showing "Created by John Doe on 2024-01-15"
+ admin audit logs - tracking who made changes
+ history/activity feeds - "Product 'iPhone 15' was updated by Jane Smith"

So yes, I do need to display this information, but not on every query - only on detail views and admin pages, given that:
+ I only need this info for detail views (not list views)
+ my current approach with separate queries is working fine in production
+ the BaseEntity pattern is already established in my codebase

I think I'll stick with my current approach (Option 2) - querying users separately when needed. The extra 1-2 queries for detail views seem acceptable compared to adding navigation properties to every entity that inherits BaseEntity.