I’ve seen lots of book and article examples saying to put validation code in your Service Layer. Keep the Domain Objects “dumb” (aka, pure POCO’s) and handle all validation that a Domain Object might do in the Service Layer.

The Service Layer is responsible for so much it seems (or at least it can be); user authentication, role authentication, scripting dependency objects for IoC’s (loggers, error-handlers, etc…), scripting Domain Objects, scripting repositories and passing Domain Objects to and from the repository… whew!

Doesn’t creating all these rules in the Service Layer pose a substantial threat to your Domain Objects? For instance, what happens is some programmer decides to write consuming code directly against your Domain Objects and just bypasses the Service Layer altogether? That would be bad, but a believable situation.

If you are going to put a lot of the responsibilities in the Service Layer, including all Domain Object validation, is there a way to “protect” your Domain Objects is someone tries to script them directly? For instance, maybe some way your Domain Objects now they’re not being used by a certain client (in this case, the Service Layer?).

Good design makes me think the Domain Objects should know nothing about who’s calling them and how they’re being called.

If there is no way to “lock down” the Domain Objects, then why are so many articles, books, etc suggesting that putting Domain Object validation in the Service Layer the way to go? I would imagine by taking a defensive programming position, that you should build your Domain Objects to be bullet-proof, and rely on your Service Layer for a simple layer of code to forwarding and receiving requests between the UI and the BAL/DAL.

Has anyone had some real-life project experiences with “abuse” of their Domain Objects from people that have bypassed their Service Layer?