Develop application layer which has no dependencies to Presentation Layer?

Question

I am learning general development strategies but there are a lot question in my mind about them. One of them is about creating application layer which shouldn't have dependencies Presentation layer. For example, in MVC application lets say we have application services but this application services doesn't check validation for incoming data models from Presentation layer. It is only checked in controller via ASP.NET MVC validations also service layer doesn't include any authorization stuffs inside. All job is done in Presentation layer. Do you think that is it correct architecture ? Do i have to include all validation and authorizations inside service layer re-again ? If you say yes but how ??

How can i include authorization in service layer ? I really don't know how to control auhthorizations inside service layer. Duplicating validations in also service layer could be ok ?

After all Is it really worth to make such as design if i am sure presentation layer will never change ?

Answer 1

Validation should be in the domain layer. In a DDD application the domain (business) layer should own the validation since it knows most about itself. The service layer operates upon the domain and should handle errors, including validation errors, raised by the domain layer. Handling an error in this case could mean wrapping it in a service layer exception and returning an error code, logging the error, etc. Authorization should also be the responsibility of the service layer. This is not to say that the presentation layer (ASP.NET MVC) should not perform validation or authorization verification. Validation in the presentation layer is typically more light-weight than validation in the domain and service layers and is done in order to improve the user experience. After all, if most of the validation can be performed on the client side, why not do it and save a trip to the service layer? The same logic applies for authorization.

In regards to duplication of of validation logic there is no solution that will fulfill all cases and sometimes you have to accept a little duplication to reduce overall complexity and improve maintainability. The simplest way do do validation in the domain layer is using standard guards and throwing ArgumentException instances. In ASP.NET MVC the simplest way to do validation is using data annotation attributes. Often times it is easier to duplicate validation logic to some extent than it is to implement an all encompassing validation system. Moreover, there may be validation that can only be performed by the domain layer, which is another argument for keeping them separate.

Authorization in the service layer can be done in many ways and depends on the underlying technology used. If using WCF there are many guidelines for doing authorization.