What's the recommended place to perform validation: ViewModel, Model or Controller?

I have a registration page and would like to perform some validation (in addition to the StringLength and Required annotations on my ViewModel) for duplicate usernames and email addresses. Currently I perform this validation in my controller when the registration form is posted back. I'm not sure if this is the right place to do it though.

开发者_如何学GoI can't imagine the ViewModel to be the right place as it would require the ViewModel to have a reference to my UserRepository. Does it make sense to have this kind of validation in the model classes?

If so, how do I implement this on the model so I can check if the information is valid before I sent it into my repository?

Update

Code of my controller action:

if (ModelState.IsValid)
        {
            if (!_userRepository.Exists(registerViewModel.Username))
            {
                if (!_userRepository.EmailExists(registerViewModel.Email))
                {
                    _userRepository.Add(
                        new User
                            {
                                Created = DateTime.Now, 
                                Email = registerViewModel.Email, 
                                Password = registerViewModel.Password, 
                                Username = registerViewModel.Username
                            });

                    _userRepository.SaveChanges();
                    TempData["registrationDetails"] = registerViewModel;

                    return RedirectToAction("Confirm");
                }
                else
                {
                    ModelState.AddModelError(string.Empty, "This email address is already in use.");
                }
            }
            else
            {
                ModelState.AddModelError(string.Empty, "This username is already taken.");
            }
        }

        return View(registerViewModel);
    }

Update 2

Should the domain model care about such constraints as duplicate user names or email addresses or is this something that the controller layer should worry about?

Update 3

It seems that putting the validation logic in the controller makes the most sense as it can be reused in remote validation and in model validation on submit. Is something like checking for duplicates generally a thing that should be done in controllers or does it make sense to have these kind of checks in a domain model?

Thanks,

I would perform it both on the frontend (ajax perhaps) and backend - which depends on your solutions architecture.

I like to let users know immediately if there's going to be a registration issues. In my typical setup of a data layer / business layer and presentation layer, I would perform the dup checks in the business logic and have the controller call that piece of code (in addition to an ajax lookup on the front end for users).

As a bit of a side note: I generally prefer to only use MVVM (with view models) in windows applications. Combining MVC with MVVM can make things unnecessarily complicated

I would suggest that you do this in Controllers.

The main reason is that whatever the structure of the app be, you would definitely need to use Ajax to notify the user whether the username has already been taken or not. Otherwise it's just bad usability which doesn't justify your code structure.

And for that you would like to have a action method which could ajax-ly see if the username exists or not.

Overall, it does mean you may end up with two sets of validation method (UI and model) but its all for a good cause.

Also to make a good usable site you would definitely be using a Javascript framework like knockoutjs or backbone. Thats true MVVM and in that case having your ViewModels being the Model layer classes (as Chris mentioned) is not a good idea. So basically you'll end up with two sets of validation anyways.

As Rob said in the comments, it does depend on the structure of your application. I tend to have a double validation (Validation on my ViewModels as well as validation on my service layer) to ensure that the data that hits the service is valid. This helps because my services get used by multiple clients, but the views and ViewModels are client specific. Front end validations have the advantage of instant feedback, and the backend validations help keep your data clean.

My suggestion is - For validation, such as duplicate email address and user name- to keep your validation methods in controller.

Or in your Validation Layer - which will be used in between view model and data layer

for MVC3 you will be able to add methods in controller as a actions using Remote attribute to your property in view model for instant results

You should validate in both the View (client-side) and Controller (server-side). If you have MVC 3, you can use the new RemoteAttribute. It uses jQuery to make a server-side call, in which you could check for the existence of a user or email address.