what i do on my server to eleviate the need for .htpasswd and .htaccess files (for user authentication) is use thise code in the httpd.conf file (or what i like to do, include it, so it is nice and neat:
this binds the authentication to the staff group. also allows for a 'psudo realm' as the OSXS Server Admin app does not like to make realms outside the main Documents folder.
Alias /dev "/Volumes/Contents 2/Development"
<Directory "/Volumes/Contents 2/Development/">
Allow from all
AuthName "Development Area"
<Limit GET HEAD OPTIONS CONNECT POST>
Require group staff