When developing my interfaces (contracts) and the concrete implementations of them, both the data models as well as repositories, I find myself questioning where the validation
I have had a lot of success putting all my validation as close as possible to the place where the data will be held in the business layer, e.g. in the property setters. This guarantees that you're only ever passing around valid data within your business layer and also guarantees that the UI will be receiving valid data from the business layer.
To some degree this also avoids the need for a lot of validation in your data layer if your code always passes through your business layer.
The only rule I would be dogmatic about is to never trust UI-level validation, as this layer is the most easily compromised (especially in a web application). UI-level validation is a sweetener just to make your user experience more friendly.
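A sketch of the setter-based approach described in the answer above, added here as an illustration and not code from the original post. The page names no language, so Python is an assumption, and `Customer`, `CustomerRepository`, `handle_submission`, the field names and the limits are all hypothetical.

```python
import re

class ValidationError(ValueError):
    """Raised when a value violates a business rule."""

class Customer:
    """Business-layer model: every write goes through a validating setter."""

    def __init__(self, email, credit_limit):
        self.email = email  # assigned via the setters, so no invalid instance can exist
        self.credit_limit = credit_limit

    @property
    def email(self):
        return self._email

    @email.setter
    def email(self, value):
        if not isinstance(value, str) or not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
            raise ValidationError("email is not well formed")
        self._email = value

    @property
    def credit_limit(self):
        return self._credit_limit

    @credit_limit.setter
    def credit_limit(self, value):
        if type(value) is not int or not 0 <= value <= 10_000:  # type() also rejects bool
            raise ValidationError("credit_limit must be an integer in 0..10000")
        self._credit_limit = value

class CustomerRepository:
    """Data layer: accepts only Customer objects, never raw request fields."""
    def __init__(self):
        self.rows = []
    def add(self, customer):
        if not isinstance(customer, Customer):
            raise TypeError("repository stores Customer objects only")
        self.rows.append((customer.email, customer.credit_limit))

def handle_submission(fields, repo):
    """Entry point for data from the UI; whatever the form checked is not trusted."""
    try:
        repo.add(Customer(fields.get("email"), fields.get("credit_limit")))
    except ValidationError:
        return False
    return True

# Constructed sample: a request sent without going through the form's own checks.
TAMPERED = {"email": "a@example.com", "credit_limit": 999_999}
```

Because the repository takes only `Customer` instances, the data layer needs no field-level checks of its own as long as every write path goes through the model.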