Pasquale,

Okay, I've got my EWB environment set up to run your application.  Can you now give me the steps to execute in your application to reproduce the example ?

Two other things:

1) In the future, do *not* send me your entire application.  Send me a cut-down example project that demonstrates the issue you are having, and nothing else.  It has taken me a lot of time to get everything set up to run your application.

2) Do *not* perform authentication in your client-side EWB application.  You should *never* send any authentication information to the client application, especially password hashes.  Everything that is sent to the client can possibly be intercepted, depending upon the situation, so to cut down on attack vectors, you should not do so.  Always use a TServerRequest instance to send authentication information to the back-end web server (https only !!!!) and use a web server module to authenticate against your users table in your SQL Server database.  There really is no need to use hashes on the client side if you're using a secure connection (https).  Just send over the user name/password, and let the web server module perform the hashing, etc. for authentication.  See here for more information on creating a web server module for EWB:

http://www.elevatesoft.com/manual?action=topics&id=ewb2mod&product=rsdelphi&version=XE&section=getting_started

Tim Young
Elevate Software
www.elevatesoft.com