I got an action method (say public void ShowMeSomething ), and I do not want users to be able to browse to mysite/this/showmesomething.  However I want this action method to be callable from another action method.

 Can one do this?  I guess not, because this action method will return a view.  Thought I'd ask anyhow

Make ShowMeSomething be private rather than public.

Paul is right - making the method private / internal will prevent it from being web-callable.  If you need the method to be public (for testability or whatever else), then decorate it with the [NonAction] filter.  This will make any public method on a controller class non-web-callable.

 Ok, I will try that.  But I'm not sure my "idea" is possible

mysite/candidate/candidatedemo should not work.

only way the above view render is from the controller: 

// GET: /Candidate/
public ActionResult Index()
{
	return RedirectToAction("CandidateDemo");
}

// GET: /Candidate/CandidateDemo
private ActionResult CandidateDemo()
{
	return View("CandidateDemo");
}

You could mark the method as protected (the default is to only use public methods as candidates for actions), but I'd also consider moving the logic into another class that is not a controller itself, but that your controller will use.

 Nope, dont work.  Obviously I tried shooting at something that's not there. 

I'll use some different logic to achieve the same result (partial view in a if block perhaps).  But first will try out what bitmask suggested.  Sounds interesting.

Thanks for the time!

In addition the the solutions already suggested above:

You may be able to modify your route definitions so that ShowMeSomething action does not match any, hence the URL will not be handled,

Or you can decorate the action method with [NonAction] attribute - then it can remain public, action invoker will ignore it.

CW2:

You may be able to modify your route definitions so that ShowMeSomething action does not match any, hence the URL will not be handled,

Please do not do this.  First, it is somewhat difficult to prove that an action method can never be matched by any route.  Second, if you're trying to protect the action method, then protect the method itself (either through a filter or by making it non-public), not by constraining some particular MVC entry point that indirectly calls that method.

Finally and most importantly (and this is related to the second point), there's nothing stopping the dev team from in the future adding a special well-known route like /ExecuteMVC.asmx?controller=Home&action=Index&responseType=RSS.  If we did implement this, it would bypass your route table entirely, and if your route is responsible for security decisions then your application is vulnerable.

These reasons are among the many why we've been telling developers that you must not make security decisions in the routes.