We use the old-school way of logging users into our system; we do not set or use Context.User.Identity.Name. Can I change my code to set the username I have after authentication to achieve the same result, or is this another big loophole I have opened by using the username? We do not set or have code to do the Forms Authentication (FormsAuthentication...) step that sets the identity name.
' Constants and field from the auto-generated page template. _antiXsrfTokenValue is
' filled in the template's Page_Init from the anti-XSRF cookie (or a new GUID when
' the cookie is absent) and is also assigned to Page.ViewStateUserKey.
Private Const AntiXsrfTokenKey As String = "__AntiXsrfToken"
Private Const AntiXsrfUserNameKey As String = "__AntiXsrfUserName"
Private _antiXsrfTokenValue As String

Private Sub FrameworkPage_PreRender(sender As Object, e As EventArgs) Handles Me.PreRender
    Dim userName As String
    If IsAuthenticated() Then
        ' userName = Context.User.Identity.Name   ' auto-generated template code
        userName = CurrentUser.UserName             ' our own post-authentication user object
    Else
        userName = ""
    End If

    If Not IsPostBack Then
        ' First render: bind the per-session token and the current user name into ViewState
        ViewState(AntiXsrfTokenKey) = Page.ViewStateUserKey
        ViewState(AntiXsrfUserNameKey) = If(userName, [String].Empty)
    Else
        ' Postback: both stored values must match this request's token and user
        If DirectCast(ViewState(AntiXsrfTokenKey), String) <> _antiXsrfTokenValue OrElse
           DirectCast(ViewState(AntiXsrfUserNameKey), String) <> If(userName, [String].Empty) Then
            Throw New InvalidOperationException("Validation of Anti-XSRF token failed.")
        End If
    End If
End Sub
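To make the two checks in the handler above concrete, here is an added Python model of the same logic (the cookie step the template performs in Page_Init plus the PreRender comparison). It is not ASP.NET code and not from the question; `Request`, `page_init`, `pre_render`, `serve` and `postback_outcome` are assumed names, and the sample requests are constructed. It shows which check rejects a classic cross-site postback (token mismatch) and which one rejects a postback where the server-side user differs from the user the page was rendered for (user-name mismatch), which is the property any substitute for `Context.User.Identity.Name` has to preserve: the value must come from server-side state and be identical on the GET and on the postback.

```python
"""Stand-alone model of the Web Forms anti-XSRF check (added example, not ASP.NET code)."""
import secrets
from dataclasses import dataclass
from typing import Optional

# Same keys the Visual Studio template uses for the ViewState entries and cookie.
ANTI_XSRF_TOKEN_KEY = "__AntiXsrfToken"
ANTI_XSRF_USER_NAME_KEY = "__AntiXsrfUserName"
TOKEN_COOKIE = "__AntiXsrfToken"


@dataclass
class Request:
    """One HTTP request as the server sees it (constructed sample data, hypothetical type)."""
    cookies: dict
    viewstate: dict          # posted __VIEWSTATE; assumed MAC-protected (EnableViewStateMac)
    user_name: str           # identity from server-side session/ticket, never from a form field
    is_postback: bool = False


def page_init(req: Request) -> tuple:
    """Mirror of the template's Page_Init: reuse the token cookie or mint a new one.

    Returns (token, cookie_to_set). The token plays the role of _antiXsrfTokenValue
    and Page.ViewStateUserKey in the VB.NET handler.
    """
    token = req.cookies.get(TOKEN_COOKIE)
    if token:
        return token, None
    token = secrets.token_hex(16)
    return token, token


def pre_render(req: Request, token: str) -> dict:
    """Mirror of FrameworkPage_PreRender: stamp on first render, verify on postback."""
    expected_user = req.user_name or ""
    if not req.is_postback:
        return {ANTI_XSRF_TOKEN_KEY: token, ANTI_XSRF_USER_NAME_KEY: expected_user}
    if req.viewstate.get(ANTI_XSRF_TOKEN_KEY) != token:
        raise PermissionError("Validation of Anti-XSRF token failed (token).")
    if req.viewstate.get(ANTI_XSRF_USER_NAME_KEY) != expected_user:
        raise PermissionError("Validation of Anti-XSRF token failed (user name).")
    return req.viewstate


def serve(req: Request) -> tuple:
    """Run one request through both steps; returns (viewstate, cookies after the response)."""
    token, new_cookie = page_init(req)
    cookies = dict(req.cookies)
    if new_cookie:
        cookies[TOKEN_COOKIE] = new_cookie
    return pre_render(req, token), cookies


def postback_outcome(get_user: str, post_user: str, attacker_supplied_viewstate: bool = False) -> str:
    """Simulate a GET followed by a POST; returns 'ok' or the name of the check that failed.

    get_user / post_user: what the server's own session says on each request.
    attacker_supplied_viewstate: the posted ViewState was rendered in the attacker's
    browser (classic CSRF), so its token can never match the victim's cookie.
    """
    viewstate, cookies = serve(Request(cookies={}, viewstate={}, user_name=get_user))
    if attacker_supplied_viewstate:
        # Attacker fetches the page himself: different cookie jar, different token.
        viewstate, _ = serve(Request(cookies={}, viewstate={}, user_name=""))
    try:
        serve(Request(cookies=cookies, viewstate=viewstate, user_name=post_user, is_postback=True))
    except PermissionError as exc:
        return "token" if "(token)" in str(exc) else "user name"
    return "ok"


if __name__ == "__main__":
    print("same user        :", postback_outcome("alice", "alice"))
    print("cross-site post  :", postback_outcome("alice", "alice", attacker_supplied_viewstate=True))
    print("user changed     :", postback_outcome("alice", "bob"))
    print("anon -> logged in:", postback_outcome("", "alice"))
```

The token comparison is the actual CSRF defence; the user-name comparison only stops ViewState rendered for one identity being posted back under another. Both hold only while ViewState is MAC-protected and the bound identifier is read from server-side state on every request.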