How to use basic auth for single file in otherwise forbidden Apache directory?

Try this:

<Directory /var/www/html/admin>
  <Files allowed.php>
    AuthType basic
    AuthName "private area"
    AuthUserFile /home/webroot/.htusers
    Require user admin1
  </Files>
  order allow,deny
  deny from all
  satisfy any
</Directory>

Files nested inside a Directory will only apply therein so your code block is more logically organized, and I think using the 'Satisfy any' will allow them to be merged as planned. I'm not sure if it's actually required so try it with and without the satisfy line...

I'm not sure the solution with <Files xxx> actually works well, as the Require doc page states that it doesn't apply to Files

Context:    directory, .htaccess

Instead what the apache doc suggests is to create a separate directory for the file:

Removing controls in subdirectories

The following example shows how to use the Satisfy directive to disable access controls in a subdirectory of a protected directory. This technique should be used with caution, because it will also disable any access controls imposed by mod_authz_host.

<Directory /path/to/protected/>
    Require user david
</Directory>
<Directory /path/to/protected/unprotected>
    # All access controls and authentication are disabled
    # in this directory
    Satisfy Any
    Allow from all
</Directory>