The security, exception handling and other cross-cutting concerns have been purposely left out to make the code easy to understand. The purpose of this sample is to illustrate layering concepts and to get people familiar with how components between layers
interact. As cross-cutting concerns can be implemented differently based on individual's preference, I do not want to dictate how they should be implemented.
However, I can share some ideas with you. :) For security, you need to secure your "tiers" and not layers. If you are following the Deployment Architecture of the ExpenseSample, then the point where you need to secure is on your application security at your
front-end (web or desktop app), your back-end (service endpoints) and the connection to your database server.
For exception handling, you can implement them at your boundary layers i.e. at Service layer and Presentation. You do not need to have try...catch blocks in every method if you do not intend to handle the exception or not adding extra information to
it. The exception will bubble up to the caller and so, you only need to handle the exception at the boundaries.
You can read more about how to implement cross-cutting concerns in the
Microsoft Application Architecture Guide 2nd Edition.
This sample should not be treated as a template. :) If you are looking for template guidance, may I suggest you check out the related project instead, Layered Architecture Solution Guidance. There
is an experimental option to generate an ErrorHandler at the service layer to trap all exceptions from the backend. But you will need to do some reading on WCF to know how to configure it because at the moment as the tool doesn't generate the necessary
Have fun and Happy Layering ;)