What would you use for a business validation layer?

Question

In my project I need to create a business object validation layer that will take my object and run it against a set of rules and return either pass or fail and it's list of failure reasons. I know there are quite a few options out there for accomplishing this.

From Microsoft:

Open Source:

Has anyone had any particularly great successes or failures with any of these technologies (or any that I didn't list) or any opinions on what they feel is best suited for business rules validation.

Edit: I'm not just asking about generic validations string length < 200, zip code is 5 digits or 5+4 but assume that the rules engine would actually be leveraged.

score 6 · Accepted Answer · edited Jun 20 '20 at 09:12

6

The code-versus-rules-engine decision is a matter of trade-offs, IMHO. A few examples are:

Advantages of code

Potentially higher performance.
Uses developers' existing skills.
No need for separate tools, run-time engines, etc.

Advantages of rule engine

(Features vary across the various rule engines.)

Rule DSL that is writable (or at least readable) by business users.
Effective- and expiration-date properties that allow automatic scheduling of rules.
Flexible reporting from rule repository supports improved analysis and auditing of system behavior.
Just as data-base engines isolate data content/relationship issues from the rest of the system, rules engines isolate validation and policy from the remainder of the system.

edited Jun 20 '20 at 09:12

Community

1
1

answered Feb 09 '09 at 02:16

joel.neely

30,725
9
56
64

This was a good comment to add to this thread but I'm specifically trying to figure out what to base a rules engine off of as opposed to using one or not. – Chris Marisic Feb 09 '09 at 04:00
Rule DSL does not need to have performance worse, than the one of .NET. Just use Boo's extensibility. – Rinat Abdullin Feb 12 '09 at 04:56

score 5 · Answer 2 · answered Feb 14 '09 at 05:04

A modified version of the CSLA framework rules.

Many of the other rules engines have the promise that goes like "The end user can modify the rules to fit their needs."

Bahh. Very few users are going to learn the complexities of the rules document format or be able to understand the complexities and ramifications of their changes.

The other promise is you can change the rules without having to change the code. I say so what? Changing a rule even as simple as "this field must not be blank" can have a very negative impact on the application. If those fields where previously allowed to be blank you now have a bunch of invalid data in the data store. Plus modern applications are either web based or distributed/updated via technologies like click=once. So you updating a couple of components is just as easy as updating a rules file.

So, because the developer is going to modify them anyway and because they are core to the Business objects operations just locate them in one place and use the power of modern languages and frameworks.

Many organizations have a much more extensive approval process for any code change as opposed to other changes. So it's not as simple as physically updating the code when considering the effort involved in a particular method. — Haydar, Dec 12 '11 at 14:08
Haydar I don't understand your point. If you need to get rule changes out quickly and if your code is all nice and decoupled you can set up a separate approval process for rule change. (And if the organization can't then it is a process problem.) Otherwise the extra scrutiny in the code approval process is good. What am I missing? — ElGringoGrande, Jan 18 '12 at 17:03

score 3 · Answer 3 · edited Feb 08 '17 at 14:10

I didn't really like rule and validation blocks provided by Microsoft (too complex and inflexible) so I had to build mine, based on experience with custom business workflow engines.

After a couple of iterations the project has finally gone Open Source now (BSD license) and has proven helpful in production systems. Primary features of .NET Application Block for Validation and Business Rules:

Simple to get started with
Rules for the domain objects
Rule Reusability
Predefined Validation Rules
Behavior Extensibility
Proper object nesting
Designed for DDD and UI level validation
Multiple reporting levels
Production-proof and active development
Small codebase
Open Source

Here's how a simple binding of rules at the UI level looks like:

Binding Rules to UI

Note, that current implementation does not have any DSL at the moment. C# syntax is expressive enough on its own, so there has been no demand to add Boo-based DSL on top.

I liked your series of posts on this, originally I was looking for something more configurable than static but if I decide to go for code I think I'll have to take a look at using this. — Chris Marisic, Feb 08 '09 at 13:53
Something more flexible would be - a Rules Engine that is hosted on the central application service. Optionally, using a human-readable DSL for the configuration. This kind of extensibility is in the design, but so far it was never needed. — Rinat Abdullin, Feb 08 '09 at 16:50

score 2 · Answer 4 · answered Feb 07 '09 at 22:08

2

I have to admit, for really simple validations, I tend to write my own very small, compact rules engine, mostly because I think using someone else's implementation just isn't worth it for a small project.

answered Feb 07 '09 at 22:08

Dave Markle

95,573
20
147
170

I agree, I do the same thing. – BobbyShaftoe Feb 07 '09 at 22:35
Not many, really. At its simplest, it's just a table of functions which return boolean results, and a loop which executes them. Most of the time I can reuse my simple rules class. – Dave Markle Feb 08 '09 at 06:44

score 1 · Answer 5 · answered Feb 12 '09 at 05:12

I've experimented with Workflow Foundation, used EntLib, and written my own rules engine.

In small applications where I only really need to do UI-based validation to ensure invalid data doesn't sneak into the DB, I reach for the EntLib Validation Block. It's easy to use and requires only a minimal amount of code in my domain objects, plus it doesn't mess up NHibernate or anything else in my technology stack.

For complex stuff, domain-layer validation, etc., I'd easily opt to write my own rules engine again. I'd much rather write rules in code, each rule in it's own tiny class, easily testable and very simple to compose complex sets of rules with.

In the large app that I worked on where I wrote this sort of rules engine, we then used FitNesse to test our rule configurations. It was great having that kind of tool to utilize to ensure correctness. We could feed it tables and tables of data and know, with certainty, that our configured rules worked.

score 1 · Answer 6 · answered Feb 15 '09 at 18:00

1

If you are interested in rolling your own, read JP Boodhoo's post on Rules processing. Essentially he lays out a straight forward framework for validating domain objects.

Validatiion in the Domain Layer

Validation in the Domain Layer 2

answered Feb 15 '09 at 18:00

David Robbins

9,996
7
51
82

Arnaud · Answer 7 · 2012-05-08T13:03:04.207

1

Try

http://rulesengine.codeplex.com

It's lightweight, uses fluent-interfaces to define validation logic, extensible, and Free! You can even define rules on interfaces, implementors inherit the rules.

No more annoying attribute-style validation - what it you don't own the class you want to valida

It has a plug-in to Asp.Net MVC (server-side only).

There is also another project called Polymod.Net which uses RulesEngine to provide self-validating UI's as shown in the screen-shot!

edited May 08 '12 at 13:03

answered Mar 16 '12 at 05:34

Arnaud

430
1
3
13

Thanks for the fresh answer, that project does look very clean. – Chris Marisic Mar 16 '12 at 13:19

score 0 · Answer 8 · answered Feb 07 '09 at 22:14

0

Enterprise Library Validation Block provides a very AOP like approach and keeps things simple in both 3.1 and 4.1 from my experience.

answered Feb 07 '09 at 22:14

Toran Billups

27,111
40
155
268

I've used the validation block and it's great for UI validation but to implement real business rules it seems like it'd be painful for complex validations unless I pollute my POCOs with validation logic which is why I'm more interested in an engine. – Chris Marisic Feb 07 '09 at 22:56
1

@Chris: You don't have to polute your POCOs with validation logic. VAB supports the concept of 'configuration based validation'. You can put your validation to entity mapping in a configuration file. Here's a good article that explains how to integrate VAB with O/RM frameworks: http://www.cuttingedge.it/blogs/steven/pivot/entry.php?id=46 – Steven Feb 09 '10 at 11:38

score 0 · Answer 9 · answered Feb 12 '09 at 05:22

0

I recommend using CSLA Framework. Not only for Validation but for other features also.

answered Feb 12 '09 at 05:22

Jedi Master Spooky

5,629
13
57
86

Every time I look at anything related to the CSLA framework all it looks like to me is something that guy wrote to sell books on how to use his framework. From the references to the validation portion I found online quickly it looks like it's all based on reflection, attributes and magic strings. – Chris Marisic Feb 12 '09 at 15:49

What would you use for a business validation layer?

9 Answers9

Advantages of code

Advantages of rule engine