ok this is sort of a 2 parter

On our website we offer a pay then download option....

now is there anyway to secure the exe file that is on the website to prevent unauthorized downloading before a customer has payed?

Currently the file sits at a directory like this

http://www.mysite.com/payfiles/thefile.exe

now if a person simply types this in the browser.. they will get the file.. so I am looking for a way to prevent that (which is number 1)

currently what I do is after they pay there is a confirmation page, which has a button to download the exe, on this button click is a response.redirect to the exe download, which does not change the location of the webbrowser (which is good) and does not seem to add the location of this exe to the history or anything, but I am unsure if this is 100% secure. (which is number 2)

I know sites offer this so there must be a secure way to do it...