Found a possible solution. I created a new .htaccess file and placed it in the .well-known subdirectory containing:
# # Override overly protective .htaccess in webroot # RewriteEngine On Satisfy Any
With the above .htaccess rules in place webroot authentication works flawlessly. I'm unsure at this point if this opens up any possible security issues.