tags:

views:

269

answers:

4
+2  Q: 

Do validators duplicate business logic?

I know it's possible to use validators to check data input in the presentation layer of an application (e.g. regex, required fields etc.), and to show a message and/or required marker icon. Data validation generally belongs in the business layer. How do I avoid having to maintain two sets of validations on data I am collecting?

EDIT: I know that presentation validation is good, and that it informs the user, and that it's not infallible. The fact remains, does it not, that I am checking effectively the same thing in two places ?

+3  A: 

I don't think client-side (presentation layer) validation is actual, useful validation; rather, it simply notifies the user of any errors the server-side (business layer) validation will find. I think of it as a user interface component rather than an actual validation utility, and as such, I don't think having both violates DRY.

EDIT: Yes, you are doing the same action, but for entirely different reasons. If your only goal is strict adherence to DRY, then you do not want to do both. However, by doing both, while you may be performing the same action, the results of that action are used for different purposes (actually validating the information vs. notifying the user of a problem) , and therefore, performing the same action twice actually results in useful information each time.

Matthew Jones  2009-06-25 14:22:53
I agree; validation in those locations may perform the same task, but for different purposes; in the presentation layer it is for increased usability, in the data layer to ensure consistent data.
Fredrik Mörk  2009-06-25 14:27:13
The whole purpose of client side validation is to filter out the bad data so the business layer do not have to deal with null/empty strings or invalid data.
azamsharp  2009-06-25 14:51:05
@azamsharp - that's a bit idealistic I think. In the case of the web, the client side really has no relation to what a user can actually submit, it's so easy to change a posted request. You should never trust the data that is submitted to your business layer when dealing with the web.
womp  2009-06-25 15:41:58
I am not implying that we should not have a business level validation. Business validation is the most important validation in the application. But we should also provide the UI validation (input validation). If there is no input validation then we are sending un-filtered data back to the business validation framework again and again. It is good to filter the data at input level. Of course, we cannot filter 100% of input data!
azamsharp  2009-06-25 16:07:48
A: 

I think having good validations at application layer allows multiple benefits. 1. Facilitates unit testing 2. You can add multiple clients without worrying about data consistency.

UI validation can be used as tool to provide quick response times to the end users.

Krishna Kumar  2009-06-25 14:25:44
A: 

Each validation layer serves a different purpose. The user interface validation is used to discard the bad input. The business logic validation is used to perform the validation based on business rules.

For UI validation you can use RequiredFieldValidators and other validators available in the ASP.NET framework. For business validation you can create a validation engine that validates the object. This can be accomplished by using the custom attributes.

Here is an article which explains how to create a validation framework using custom attributes:

http://highoncoding.com/Articles/424_Creating_a_Domain_Object_Validation_Framework.aspx

azamsharp  2009-06-25 14:29:25
+2  A: 

Yes, and no.

It depends on the architecture of your application. We'll assume that you're building an n-tier application, since the vast majority of applications these days tend to follow that model.

Validation in the user interface is designed to provide immediate feedback to the end-user of the system to prevent functionality in the lower tiers from ever executing in the first place with invalid inputs. For example, you wouldn't even want to try to contact the Active Directory server without both a user name and a password to attempt authentication. Validation at this point saves you processing time involved in instantiating an object, setting it up, and making an unnecessary round trip to the server to learn something that you could easily tell through simple data inspection.

Validation in your class libraries is another story. Here, you're validating business rules. While it can be argued that validation in the user interface and validation in the class libraries are the same, I would tend to disagree. Business rule validation tends to be far more complex. Your rules in this case may be more nuanced, and may detect things that cannot be gleaned through the user interface. For example, you may enforce a rule that states that the user may execute a method only after all of a class's properties have been properly initialized, and only if the user is a member of a specific user group. Or, you may specify that an object may be modified only if it has not been modified within the last twenty-four hours. Or, you may simply specify that a string value cannot be null or empty.

In my mind, however, properly designed software uses a common mechanism to enforce DRY (if possible) from both the UI and the class library. In most cases, it is possible. (In many cases, the code is so trivial, it's not worth it.)

Mike Hofer  2009-06-25 14:56:23
So, in effect, e.g. an empty string check is not a business rule, it's a validation rule. A business rule should be more concerned with checking it makes sense to do an action, not that the data is valid to peform an action on?
 2009-06-25 15:24:59
An empty string is both a UI check and a business rule validation. If the client has JavaScript disabled then the client side validation will never fire. That does not mean you will never check for empty string since your business rules should be handling this case in the rules engine. As MikeHofer said, UI validation is to provide immediate feedback to the client.
azamsharp  2009-06-25 16:10:56

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps