It appears to me that the authentication framework of ROSDK does NOT work for non-RO web service client?
This is my understand: non-RO web service client won’t have the needed ClientID to attach to the session, hence the authentication framework won’t work.
Assuming this is a Delphi server you need to set the xsoClientIdInWsdl flag of TROSOAPMessage's SerializationOptions property. After that ClientID will be exposed in the server WSDL.
Set this property client-side to any random GUID value and server will use this GUID as client Id