Well, lets start.

var customers = BLL.CustomerRepository.GetAll();

This was a nice line of code in the last millenium. Before generics and LINQ came along. Seirously.

These days, I would expect it at least to be like this:

var customers = BLL.Repository<Customer>.ToList (); //IF you have to materialize

There is no need for an “All” method at all 😉

Am I missing something?

To a large degree an understanding that you are still within an application, so compromises are sort of acceptable. It is not like you run a trust boundary between applications here. Second, the fact that you should have programmed a better abstraction.

Repository repository = BLL.GetRepository ();
var customer s repository.Entity<Customer>.ToList ();
customer[0].Name = null;
repository.ValidateU ();
repository.Commit ();

would be a lot better abstraction. Creation is not done with “new” but with

var newCustomer = repository.Create<Customer> ();

which then commits.

All validation can be checked in the Validate method.

At the end, this is about HOW you design your interface for the repository – and if you insist on not keeping any state (which is a valid pattern for some operations) then this opens you to problems. And yes, you can have repositories that do not do full validation – totally valid. It really depends. You may be surprised, but I work on applications mostly where the repository is often not even updated in the same transaction as the object for performance reasons, and updates are queued and then batched, while the in memory version is the relevant one for all further operations.

It shows, at the end, that a little more thinking about how to design the DAL interface is in order, and please please please stop using an approach that is totally outdated and just leads to method creep (as you need tons of methods that otherwise just disappear in generics + linq expression trees.