Where should validation logic be implemented?

Question

When developing my interfaces (contracts) and the concrete implementations of them, both the data models as well as repositories, I find myself questioning where the validation

Answer 1

Validation should be part of the object. Make the environment part of the parameters for the object's constructor. That way you can customize the validation logic for the environment but the object doesn't have to figure out where it's running.

I always use UI validation even though it's verrrrrry weak security at best. It saves round trips to the server (bandwidth does add up) and it allows you to be more user friendly with error messages. But it should never be the only layer of validation.