That might change from case to case, but as a general rule, if you're using default items/scripts from ASP.NET MVC (including jQuery.Validate.Unobtrusive), here follows:
Does a viewModel validate both client and server level, if is this automatic or do we need to implement something.
Yes and no. Depends on your case
/project
/referenced scripts
/rules used
. There should be a jquery.validate.unobtrusive.js
item on your project along with a jquery.validate.js
and, of course, a jquery.js
for client-side validation to take place automatically (unobtrusively).
But client-side validation rules are limited and they won't validate everything. On the other hand, you can extend it quite easily. When a validation rule is not supported on client-side and you don't implement that rule, it will get validated only on server-side.
Unobtrusive validation is there to help you with automatic client-side validation, instead of manually checking each field for valid input/selection. It's not perfect, but should work fine on most cases.
A field such a username where you need a db call to check for availability should this validation be in a view model or httppost of the controller.
There's no "universal rule" for that, as some people would argue that db-related method must be on a repository, some would allow it on controllers and since this is related to validation, some would validate it inside the validation rule.
I'm into putting this kind of rules into either the controller or a repository, the one that looks finer for your.
On our projects when we have some extra validity-related checks that need any db call, they call a method on a controller which delegates the call to a repository. This allows us to call the same method from both client and server side, whenever needed (eg: check if already taken username right after typeing it).
Final considerations
Personally, I don't like DataAnnotations. I used to, but not anymore, as it get's really hard to keep on a large-scale project with complex-multi-validations and more.
I'd suggest you go for FluentValidation which has a nice fluent interface and is extensible. It too allows both client-side and server-side validation and allows you to perform complex tasks in a friendly way.
For instance, we've created a custom rule (with it's client-side part) to check for already-registered emails, which calls a controller and receives a json result to parse and validate the field. This way, we simply have a RuleFor(_account => _account.Email).NotAlreadyTaken()
and the email get's validated on both client and server-side, and you get that through ModelState.IsValid
just as with the DataAnnotations.
But before you ask if this is not possible with DataAnnotations (or someone else comes here to say that it's possible), yes this is possible without FluentValidation. I think it's more of a personal choice really.
The interesting part of FluentValidation is that you can have a separate assembly only with validations and provide all that validations using Ninject or any other IoC.
Anyway, check this tutorial on how to begin with client-side validation with DataAnnotations, or FluentValidation website to start using FluentValidation.