Where should validation logic be implemented?

Question

When developing my interfaces (contracts) and the concrete implementations of them, both the data models as well as repositories, I find myself questioning where the validation

Answer 1

Certainly in a web environment anything you put in the client side for validation can be bypassed.

Generally I put validation in class. Then have the setters raise or throw an exception, or if you prefer use a return value. I use exceptions in the .Net world because I can have a set of custom exceptions with clear validation rule messages returned to the consumer/client.