The behavior you see is expected given your setup. The unauthenticatedIdentity option never assigns roles to the caller, only an identity. The run-as role defines what role a component will assume no matter what the caller roles may be.
So how i can resolve my problem ?
i need login (like a client) or i can set more run-as roles... or other?
You answered your own question. Login as a client if you need to behave as a client.