The method I usually use to solve this is when setting the user roles, create virtual roles. Therefore if the you wanted to only allow Student Administrators access to a page were a user has both Student and Administrator roles you could add a new StudentAdministrator role.

I don't think you can do this via the current configs allowed in web.config. What you could do though is something like the following... as the very first line in your Page_Load event for the page in question, use the following code (VB):

If Not (User.IsInRole("Role1") AndAlso User.IsInRole("Role2")) Then _
    FormsAuthentication.RedirectToLoginPage()

This line of course is assuming you are using FormsAuthentication. If not, you would need to replace FormsAuthentication.RedirectToLoginPage() with the appropriate code depending on your authentication method.

I don't know your situation exactly, but based on your code, it looks like you could go one step further, and add a table with a mapping of users to sites, and do something like the following:

In a public module, add the following code:

<System.Runtime.CompilerServices.Extension()> _
Public Function ManagesSite(target As System.Security.Principal.IPrincipal, siteName As String) As Boolean
    Return [ code here to look up whether this user can access the site specified ]
End Function 

Then you can write the previous code as something more logical, such as:

If Not (User.IsInRole("SiteManager") AndAlso User.ManagesSite(Request.Url.Host)) Then _
    FormsAuthentication.RedirectToLoginPage()