How to authenticate a user on the middle tier using Windows authentication
That's something DataAbstract should handle itself, and if it doesn't it's a half backed library as Datasnap is :) When it comes to remoting, authenticating/authorizing endpoints and protecting the data exchange is really critical.
Basically, you have to send not the user credentials, but exchange a "token" which both the client and the server know how to authenticate. A full explanation can be complex. You can start from MSDN (look for AcceptSecurityContext() and InitializeSecurityContext()). A possibile issue is if DataAbastract has the proper hooks to implement the authentication phase, which may require more than one roundtrip.
As a stopgap measure you can enable IPSec to protect the communication channel and don't let whole user account be "sniffed" easily.