Here is the solution I found, using ASP classic:
<%
Option Explicit
Response.Buffer = True
If (not Session("Logged")) Then Response.End
Dim objFso
Dim objStream
Dim strFileName
Dim strFilePath
strFileName = "App.exe"
strFilePath = "d:\yoursitefolder\protectedfolder\"
Set objFso = Server.CreateObject("Scripting.FileSystemObject")
If objFso.FileExists(strFilePath & strFileName) Then
Response.AddHeader "Content-disposition", "filename=" & strFileName
Response.ContentType = "application/octet-stream"
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "Expires", "0"
Set objStream = Server.CreateObject("ADODB.Stream")
objStream.Type = 1
objStream.Open
objStream.LoadFromFile strFilePath & strFileName
Response.BinaryWrite(objStream.Read())
objStream.Close
Set objStream = Nothing
End If
Set objFso = Nothing
%>