ASP.NET - Is it possible for clients to disable/disregard a 301 redirect?

I have 2 domains that resolve to my web site www.mysite.com and www.mysitecommonmisspelling.com, plus the IP address. I have some code in my Global.asax file that was intended to force all users and crawlers to only use the main domain, like so:

    Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As System.EventArgs)

    'If the domain isn't the correct top level domain for this environment,
    'we want to do a 301 redirect to tell the search engines that this is not the right domain to 
    'index.
    Dim Host As String = Me.EnvironmentHost
    Dim CurrentHost As String = Request.Url.DnsSafeHost

    If CurrentHost.ToLower <> Host.ToLower Then
        Dim Url As String = Request.Url.AbsoluteUri

        'The AbsolutUri property returns the Default.aspx whether it was actually specified
        'in the URL or not. Since our server is set up to respond to this as the default page, 
        'we can safely remove it from the URL if it actually exists. We don't want Default.aspx 
        'indexed anyway if possible.
        Url = Url.Replace("Default.aspx", "")
        Url = Url.Replace("default.aspx", "")

        'Replace 开发者_StackOverflowthe current host with the environment host
        Url = Url.Replace(CurrentHost, Host)


        Response.Clear()
        Response.StatusCode = 301
        Response.Status = "301 Moved Permanently"
        Response.AddHeader("Location", Url)
        Response.End()

    End If

End Sub

I checked and Google has not indexed any pages on www.mysitecommonmisspelling.com, so they are apparently respecting the 301. However, a few days ago we had a customer on our site who got free shipping because the licensing code that is only registered for www.mysite.com failed (in other words, the browser was able to access www.mysitecommonmisspelling.com). In the past, we have had issues with the 3rd party shipping component because users were able to access the site using the IP address.

In any case, we don't want users to be able to access the site without the correct domain so the SSL certificate doesn't complain.

I have searched for a way to disable 301 redirects in IE7, but there doesn't appear to be a way. So, what I am wondering is if there are any browsers that can disable 301, and if so what kind of workarounds can I put in place to ensure all browsers on my site are going to the main domain, www.mysite.com?

This type of redirect really belongs in the Web Server, not the Application. For IIS7, there is the URL Rewrite Module.

You may want to setup the IIS to host two websites, MySite and Misspelling, so that Misspelling never ever actually hits your real site. Just setup a redirect on that site.

You may want to check Server Fault on how to properly do it as I'm not an IIS7 Expert.

As for the part of your question about Browsers ignoring it: Sure, Browsers can decide not to follow the 301 Redirect, but then they would just display a blank page. If someone can bypass it, then it means that this line:

 If CurrentHost.ToLower <> Host.ToLower Then

is not working correctly. I don't know if Browsers can actually send a wrong Hostname while accessing a different one (although when in doubt I blame Proxies since they are often very weird).