Complex Authorization system

[csarp]

Hi,
I am trying to design a complex autorization subsystem on top of the basic autentication system that the system offers.
The main idea is to authorize a single form to multiple types (roles) of users.
I have schools and different type of schools that belongs to different geographic areas.
I want to admit form access only to a specific type of schools (second grade) of one region.
So the basic role authorization system is not applicable to do this.
Does anybody solved the same problem and what are the possible solutions?
Is it possible to integrate an external authentication/authorization system that solves the problem?
Any suggestion will be appreciated!